Third Party Risk Management and Customer Trust Lead

Posted 7 Days Ago
Be an Early Applicant
Foster City, CA, USA
Hybrid
210K-270K Annually
Senior level
Artificial Intelligence • Cloud • Machine Learning • Software • Database • App development • Generative AI
Introducing Replit Agent 4 - built to unlock your creativity. Plan. Design. Build. All at once.
The Role
Lead and operate a substantive third-party risk management program: evaluate SOC 2, pen tests, and architectures; review and redline security contract terms with Legal; maintain vendor/AI risk registers; enable customer trust for Sales; and build continuous monitoring and scalable vendor review capabilities.
Summary Generated by Built In

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.


About the role:

Replit’s ecosystem is powered by an expanding array of external services and essential AI model partners. As our lead for Security Vendor Risk & Contract Reviews, you will architect and execute a risk management program focused on substantive evaluation rather than just processing checklists. You’ll analyze SOC 2 documentation, security assessments, and system architectures to determine actual risk profiles, collaborating with our Legal team to secure necessary contractual protections. This role reports to the Head of Security GRC and involves high-impact partnerships across Legal, Engineering, and Product teams.


What You'll Do
  • Run substantive third-party risk management (TPRM), independently evaluating real risk, not just processing questionnaire responses

  • Review SOC 2 reports, pen test findings, and architecture documentation to form an independent view of vendor risk, extending the same rigor to AI/model providers

  • Partner with Legal on vendor and AI contract terms, including DPAs, subprocessor agreements, and AI-specific provisions

  • Review contracts for non-standard security language when flagged by Legal or deal desk, and recommend redlines

  • Maintain the vendor and AI/model risk register, feeding findings into the company's master risk register

  • Enable sales through maturing the customer trust program

  • Build the capability for continuous monitoring of vendor ecosystem


Required Skills & Experience
  • 8+ years in third-party/vendor risk management, security risk, or a related GRC role

  • Demonstrated ability to independently assess vendor risk rather than relying on questionnaire responses alone, fluent in reading SOC 2 reports, ISO certificates, pen test summaries, and architecture documentation

  • Experience reviewing or redlining security and data-handling contract language, ideally in partnership with a legal team

  • Working knowledge of data privacy fundamentals (GDPR, CCPA) as they relate to vendor and subprocessor relationships

  • Strong cross-functional collaboration skills — this role touches Legal, Engineering, Product, and Sales regularly

  • Experience building repeatable, scalable vendor review processes rather than inheriting an existing one


Bonus Qualifications
  • Direct experience assessing foundation model providers or AI/ML vendors specifically

  • Experience automating or streamlining third-party review workflows (e.g., continuous vendor monitoring, automated evidence pulls) is a plus

  • Familiarity with NIST AI RMF, ISO 42001, or the EU AI Act

  • Background at an AI-native product company or an LLM/model provider

  • Paralegal experience or formal contract review training

  • Relevant certifications (CTPRP, CISSP, CIPP/E)

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match (US Only)

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🏝 Flexible Time Off (FTO) + Holidays

🚗 Commuter Benefits (In-Office Only)

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement (In-Office Only)

🚀 Quarterly Team Gatherings

☕ In Office Amenities (In-Office Only)

Want to learn more about what we are up to?

  • Meet the Replit Agent

  • Replit: Make an app for that

  • Replit Blog

  • Amjad TED Talk

Interviewing + Culture at Replit

  • Operating Principles

  • Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Skills Required

  • 8+ years in third-party/vendor risk management, security risk, or related GRC role
  • Demonstrated ability to independently assess vendor risk using SOC 2 reports, ISO certificates, pen test summaries, and architecture documentation
  • Experience reviewing or redlining security and data-handling contract language in partnership with legal
  • Working knowledge of data privacy fundamentals (GDPR, CCPA) as they relate to vendor and subprocessor relationships
  • Strong cross-functional collaboration skills with Legal, Engineering, Product, and Sales
  • Experience building repeatable, scalable vendor review processes rather than inheriting an existing one
  • Ability to maintain vendor and AI/model risk registers and feed findings into master risk register
  • Role requires in-office attendance in Foster City, CA on Monday, Wednesday, and Friday
  • Direct experience assessing foundation model providers or AI/ML vendors (bonus)
  • Experience automating third-party review workflows or continuous vendor monitoring (bonus)
  • Familiarity with NIST AI RMF, ISO 42001, or EU AI Act (bonus)
  • Paralegal experience or formal contract review training (bonus)
  • Relevant certifications such as CTPRP, CISSP, CIPP/E (bonus)

Replit Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Replit and has not been reviewed or approved by Replit.

  • Parental & Family Support Parental leave spans up to 24 weeks for birth parents with additional paid medical, bonding, and family‑care leave. These policies are characterized as generous compared to common U.S. tech norms.
  • Healthcare Strength Medical, dental, and vision coverage are paired with an employer‑funded HSA plus life and disability insurance. Options like FSA/DFSA and mental‑health support further reinforce the health offering.
  • Wellbeing & Lifestyle Benefits Monthly wellness stipends, learning and development funds, and recognition programs add ongoing value beyond cash compensation. Office meals, commuter benefits, and onsite amenities enhance day‑to‑day experience for those near the HQ.

Replit Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: San Francisco, CA
300 Employees
Year Founded: 2016

What We Do

Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide and over 500,000 business users, Replit is democratizing software development by removing traditional barriers to application creation.

Similar Jobs

Xero Logo Xero

Executive Assistant

Cloud • Fintech • Information Technology • Machine Learning • Software
Hybrid
San Mateo, CA, USA
4500 Employees
106K-133K Annually

HiBob Logo HiBob

Customer Experience Engineer – Benefits Administration

HR Tech • Information Technology • Professional Services • Sales • Software
Remote or Hybrid
United States
1350 Employees
103K-129K Annually

HiBob Logo HiBob

VP Payroll & Benefits (Services & Operations)

HR Tech • Information Technology • Professional Services • Sales • Software
Remote or Hybrid
United States
1350 Employees
230K-290K Annually
Hybrid
Menlo Park, CA, USA
205000 Employees
37K-66K Hourly

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
LTX Thumbnail
Conversational AI • Generative AI
Jerusalem, Israel
360 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account