About this role
Lead Security Governance and Third-Party Risk Management programs; own policy, controls, and KPIs; scale governance across vendor life cycle; build and lead a team; report to executives and regulators.
Key Responsibilities
- Own program strategy & governance
- Lead Security TPRM across vendor lifecycle
- Oversee fourth-party oversight and remediation cycles
- Manage KPIs and dashboards
- Build and scale Governance and TPRM teams
Technical Overview
Focus on governance frameworks (NIST, ISO 27001), TPRM tooling (AuditBoard, Jira, BI tools), CI/CD integration security, threat modeling, regulatory engagements
Ideal Candidate
The ideal candidate is a senior security leader with a proven track record delivering governance and TPRM programs in fintech or regulated environments; strong relationship management with executive stakeholders; hands-on tooling experience (AuditBoard, Jira, BI tools).
Must-Have Skills
- 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams
- Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment (fintech preferred)
- Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes (IRQ/DDQ/SME assessments)
- Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools (Sigma/Tableau/Looker), and experience with integrations/APIs
- Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership
- Certifications such as CISSP, CISM, CRISC, or similar
- Practical experience with threat-modeling approaches and third-party integration security (API, SSO/OAuth/SAML, TLS)
- Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines
- Prior experience in fintech or highly regulated industries
Nice-to-Have Skills
CISSP, CISM, CRISC
Tools & Platforms
AuditBoard, Jira, Sigma, Tableau, Looker, MetricStream, APIs, CI/CD
Required Skills
Security governance, security risk management, third-party risk management, GRC, NIST CSF, ISO 27001, SOC 2, PCI, AuditBoard, Jira, Sigma, Tableau, Looker, MetricStream, threat modeling, CI/CD, APIs, SSO/OAuth/SAML, TLS, fintech, vendor risk, internal audit liaison, regulatory engagements, CISSP, CISM, CRISC
Hard Skills
Security Governance, Security Third-Party Risk Management (TPRM), NIST CSF, ISO 27001, SOC 2, PCI, AuditBoard, Jira, Sigma, Tableau, Looker, MetricStream, Threat modeling, APIs, CI/CD checks, Apex, REST API, SOAP API
Soft Skills
Excellent stakeholder management, Strong communication, Leadership, Strategic thinking, Ability to influence decisions, Problem solving, Team building, Cross-functional collaboration
Keywords for Your Resume
senior manager, security governance, security third-party risk management, TPRM, NIST CSF, ISO 27001, SOC 2, PCI, AuditBoard, Jira, Sigma, Tableau, Looker, MetricStream, APIs, CI/CD, Threat modeling, SSO/OAuth/SAML, TLS, fintech, vendor risk, internal audit liaison, regulatory engagements, CISSP, CISM, CRISC, third-party risk management, nist csf, iso 27001, soc 2, pci, auditboard, jira, tableau
Deal Breakers
Lack of 7+ years of information security experience, no experience managing teams (3+ years), no fintech or regulated industry experience, lack of knowledge of NIST/ISO frameworks, inability to work in a remote/hybrid environment