Cyber Security Engineer - II

HighRadius

Posted 2 days ago

About this role

About Us

HighRadius, a renowned provider of cloud-based Autonomous Software for the Office of the CFO, has transformed critical financial processes for more than 1,000 leading companies worldwide. Trusted by prestigious organizations like 3M, Unilever, Anheuser-Busch InBev, Sanofi, Kellogg Company, Danone, Hershey's, and many others, HighRadius optimizes order-to-cash, treasury, and record-to-report processes, earning us back-to-back recognition in Gartner's Magic Quadrant and a prestigious spot in the Forbes Cloud 100 List for three consecutive years.

With a remarkable valuation of $3.1B and an impressive annual recurring revenue exceeding $100M, we experience a robust year-over-year growth of 24%. With a global presence spanning 6+ locations, we're in the pre-IPO stage, poised for rapid growth. We invite passionate and diverse individuals to join us on this exciting path to becoming a publicly traded company and shape our promising future.

Job Summary:

The candidate will be the frontline defender against risks introduced by our external ecosystem. This is a technical leadership role focused on ensuring that every vendor, partner, and service provider meets our stringent security standards both before and after onboarding.

The candidate will combine deep technical auditing skills with rapid incident response capabilities, particularly during critical "Zero-Day" events, where transparency from third parties about their own exposure is vital.

Responsibilities: 

1. Sourcing & Pre-Onboarding Assessment 
● Inherent Risk Tiering: Evaluate new vendors during the sourcing phase to determine their risk level based on data access, network connectivity, and business criticality. 
● Security Due Diligence: Review SOC 2 reports, ISO certifications, penetration test summaries, and other critical evidence, paying attention to report scope, exceptions, and the period covered rather than the certificate alone. Conduct technical deep dives into vendor architecture to identify potential "hidden" risks.
● Go/No-Go Recommendations: Provide clear, risk-based recommendations to Procurement and Business owners regarding the suitability of a vendor. 


2. Annual Vendor Assessment & Monitoring 
● Periodic Re-assessments: Lead the annual security review for existing critical vendors to ensure their security posture has not degraded. 
● Continuous Monitoring: Utilize security rating tools (e.g., BitSight, SecurityScorecard) to monitor vendor health in real time and trigger investigations upon significant score drops or newly exposed findings.
● On-site/Virtual Audits: Lead technical audit sessions with high-risk vendors to verify the effectiveness of their reported controls. 


3. Proof of Concept (POC) for Security Tools 
● Tool Evaluation: Lead POCs for new GRC or TPRM automation tools. Define success criteria, test integrations, and evaluate the technical efficacy of the software. 
● Architecture Integration: Ensure selected TPRM tools integrate seamlessly with internal systems like Jira, ServiceNow, or SIEM platforms.

4. Zero-Day & Incident Response 
● Critical Communication: Act as the primary technical point of contact for third-party exposure during Zero-Day events (e.g., Log4j, MOVEit).
● Vendor Outreach & Confirmation: Orchestrate mass communication to all critical vendors to confirm whether they are exposed and to obtain evidence of patching or mitigation.
● Blast Radius Analysis: Determine which internal services and data flows are at risk based on the vulnerabilities and affected components reported by third-party providers.


Required Skills and Experience: 


Technical Skills 
● Auditing Frameworks: Mastery of NIST SP 800-53, ISO 27001, SOC 2, and SIG (Standardized Information Gathering) questionnaires.
● Vulnerability Knowledge: Strong understanding of the OWASP Top 10 and the ability to interpret CVEs and CVSS scores during vendor assessments. 
● Security Tooling: Hands-on experience with TPRM platforms (e.g., OneTrust, Prevalent, Venminder) and external rating tools. 
● Cloud Security: Ability to assess security configurations in AWS, Azure, or GCP environments provided by SaaS/PaaS vendors. 

Experience 
● Professional Background: 5+ years in Cybersecurity, with at least 3 years specifically in Third Party Risk Management. 
● Incident Handling: Proven experience managing vendor communications during high-pressure security incidents or global Zero-Day events. 
● Project Management: Experience leading the technical evaluation (POC) and implementation of enterprise security software. 
● Stakeholder Management: Ability to negotiate security requirements into vendor contracts and influence business leaders to choose secure partners. 


Education & Certifications 


Education: Bachelor’s degree in Computer Science, Information Security, or a related field. 


Certifications (Highly Preferred):
While not always mandatory, the following certifications are highly valued for this role:
● CISA (Certified Information Systems Auditor)
● ISO 27001:2022 LA (ISO 27001:2022 Lead Auditor)
● ISO 27001:2022 LI (ISO 27001:2022 Lead Implementer)

Job details

Workplace

Office

Location

Hyderabad, Telangana, India

Job type

Full Time

Company

Twitter

@HighRadius