Senior Manager overseeing Security Risk Management at First American. Leading enterprise policies, third-party vendor security, and security strategy execution.
Responsibilities
Lead the lifecycle management of enterprise Information Security policies, standards, baselines, and guidelines
Ensure alignment with regulatory requirements, industry frameworks (e.g., NIST CSF, ISO 27001), and internal risk posture
Oversee periodic reviews, updates, and governance activities for all security documentation
Lead the enterprise Information Security–focused TPRM program, ensuring all third parties with access to corporate data, systems, or facilities undergo rigorous security risk assessments
Maintain assessment methodologies centered on security controls, including data protection, access management, vulnerability management, encryption practices, incident response maturity, and cloud security posture
Oversee due diligence processes, security questionnaires, evidence reviews, attestations (SOC 2, ISO 27001, penetration tests), and follow‑up remediation activities
Partner with Procurement, Legal, and business stakeholders to ensure contracts include appropriate security obligations, such as breach notification requirements, minimum security standards, and right‑to‑audit language
Monitor ongoing vendor security risk through periodic reassessments, continuous monitoring tools, and threat intelligence related to third‑party ecosystems
Deliver metrics and executive‑level reporting on the security posture of third parties, highlighting emerging risks, systemic gaps, and required remediation actions
Support the development and execution of the long‑term security strategy
Partner closely with cross‑functional business teams and IT leadership to ensure security strategy aligns with organizational goals, technology roadmaps, and operational priorities
Provide expert insight into risk-based prioritization, investment planning, and roadmap development
Monitor regulatory, threat, and technology trends to inform strategic decisions
Oversee the enterprise security awareness program, including phishing simulations, mandatory training, campaigns, and targeted education for high‑risk groups
Requirements
8+ years of experience in Information Security, Risk Management, Compliance, or related fields
3+ years in a leadership role
Strong knowledge of security frameworks (NIST, ISO, SOC 2, CIS), risk methodologies, and regulatory requirements
Experience leading enterprise policy programs and vendor risk management activities
Proven ability to collaborate and influence across all levels of the organization
Excellent written and verbal communication skills with the ability to influence stakeholders, present to executives, and simplify complex risk topics
Business Development Representative at xorlab driving proactive lead generation in the cybersecurity market. Collaborating closely with the sales and marketing teams to optimize lead development processes.
Cyber Security Architect responsible for IT security compliance and cyber-risk management at a Swiss utility firm. Engaging with cross-functional teams to implement 'Secure-by-design' strategies.
Information Security Officer ensuring cybersecurity at an IT service provider for food and beverage sector. Developing strategies and overseeing security protocols while reporting to management.
Head of Information Security at Aurora shaping security strategy and governance in a software-focused global business. Leading security efforts to ensure resilience and compliance across operations.
Senior Security Engineer specializing in penetration testing and security strategies for fintech. Collaborating with teams to enhance security for AI applications and financial systems.
Principal Cyber Security Engineer for Identity Access Management at MSK managing identity solutions and advanced identity platforms. Partnering with stakeholders to align identity strategy and lead IAM initiatives.
Join The Missing Link as a Security Engineer, leveraging 3-4 years of IT Security experience. Lead projects in a collaborative environment with a focus on innovation and impact.
Engineer in Health, Safety and Environment for ArianeGroup focusing on industrial risk management. Involves audits, assessments, and safety training participation.
Senior Product Security Engineer at Red Hat focusing on security and compliance for digital sovereign products while collaborating across global teams and enhancing automation.
Security Engineer safeguarding K-12 student data in several locations for an EduTech startup. Designing secure software systems and ensuring data protection to comply with privacy standards.