Lead Assessor - Third Party Application Security & Vendor Assurance

ADP.com

Office

Roseland, NJ, United States

Full Time

ADP is hiring a Lead Assessor - Third Party Application Security & Vendor Assurance

Are you passionate about cybersecurity and third-party risk management?

Do you thrive in an environment that values security, compliance, and risk-based decision-making?

Join ADP’s Global Security Organization (GSO) and play a critical role in protecting one of our most valuable assets—employee data.

Our clients trust us to secure their information, and we ensure integrity, confidentiality, and compliance at every stage of the information lifecycle.

Position Summary

The Lead Assessor will evaluate the security risks introduced by third-party software suppliers, with a strong focus on software supply chain risk, administrative controls, and overall security governance. This role requires deep expertise in the Software Development Life Cycle (SDLC) and Software Bill of Materials (SBOM), strong analytical skills, technical acumen, and the ability to collaborate effectively across global teams, including Business Units, Procurement, Legal, Privacy, and other GSO teams.

A critical responsibility of this role is to assess and monitor software supply chain risks by evaluating the security posture of third-party components. This includes analyzing the use of open-source and third-party libraries, validating vendor patching and update processes, assessing secure coding practices, and ensuring adherence to organizational and regulatory requirements. The assessor will also play a key role in driving continuous improvement in supply chain visibility and resilience.

The ideal candidate will have a deep understanding of infrastructure and application security architecture, SDLC processes, SBOM, encryption mechanisms, strong authentication, business resiliency, and other technical security concepts necessary to identify and mitigate risks effectively.

If you’re looking to make an impact in securing ADP’s third-party ecosystem, apply today and become part of our mission to protect critical data and infrastructure.

Like what you see?  Apply now!

Learn more about ADP at tech.adp.com/careers

Responsibilities

  • Assess third-party software supply chain risks by evaluating the security posture of third-party components, including open-source and third-party libraries.
  • Conduct in-depth third-party risk assessments, focusing on technical security controls, compliance with ADP standards and industry best practices.
  • Analyze SCA, penetration test reports, security architecture diagrams and vulnerability assessments to evaluate vendor security posture.
  • Identify, document and report security gaps, collaborating with business leaders and vendors to develop remediation strategies.
  • Monitor the remediation progress of identified security gaps, ensuring third parties address vulnerabilities in a timely manner.
  • Guide third-party vendors in understanding security gaps and provide remediation options based on industry best practices.
  • Communicate complex technical security findings to stakeholders including those with non-technical backgrounds.
  • Partner with internal teams to drive third-party risk awareness and develop strategies to mitigate risks effectively.
  • Stay updated on emerging threats, vulnerabilities, and evolving security technologies to enhance the third-party risk assessment process.
  • Contribute to continuous improvement of the third-party risk management program by recommending and implementing new methodologies and best practices.

To Succeed In This Role:

  • You'll have a bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or the equivalent.
  • 5–8+ years of experience in information security, security risk assessment, penetration testing and third-party/vendor risk management.

Qualifications Required

  • Strong knowledge of software supply chain security principles, including SBOM (Software Bill of Materials), SCA (Software Composition Analysis), and secure development practices.
  • Knowledge of security frameworks such as NIST 800-53, ISO 27001, SOC 2, CSA CCM and CIS Controls.
  • Proficiency in assessing SDLC processes, application architecture, and secure coding practices.
  • Strong technical expertise in security controls, network architecture, cloud security and vulnerability management.
  • Hands-on experience with risk assessment tools and technologies, such as vulnerability scanners, GRC platforms, and third-party risk platforms (e.g., Archer, ProcessUnity, BitSight, SecurityScorecard, OneTrust).
  • Familiarity with regulatory requirements such as GDPR, HIPAA, SOX, and industry-specific compliance mandates.
  • Strong understanding of encryption standards, authentication protocols, and access controls.
  • Experience collaborating with cross-functional teams including Legal, Procurement, Engineering, and Compliance.
  • Familiarity with attack techniques, threat modeling and security architecture principles.
  • Passion for cybersecurity and a proactive approach to learning emerging security threats and technologies.
  • Excellent verbal and written communication skills, with the ability to explain security risks to technical and non-technical audiences.

Qualifications Preferred

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Third Party Risk Professional (CTPRP)
  • AWS, Azure and GCP Security certifications (optional but beneficial)

What are you waiting for? Apply today!

Find out why people come to ADP and why they stay: https://youtu.be/ODb8lxBrxrY (ADA version: https://youtu.be/IQjUCA8SOoA)

October 8, 2025
