Source Job

  • Design, operate, and mature the Third-Party Risk Management program from compliance-driven to risk-based.
  • Perform technical security assessments of vendors, review SOC 2 reports, and manage remediation.
  • Support privacy operations, cyber GRC, and security enablement while advising business stakeholders.

Risk Assessment

15 jobs similar to Sr. Cyber Governance, Risk & Compliance Analyst

Jobs ranked by similarity.

$87,500–$111,500/yr
US Unlimited PTO

  • Conduct risk assessments for critical and operationally significant third-party entities.
  • Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle.
  • Partner closely with cross-functional teams to manage third-party risk holistically and stay ahead of emerging risks, including generative and agentic AI.

HealthEquity's mission is to save and improve lives by empowering healthcare consumers. They envision making HSAs as widespread and popular as retirement accounts and they are passionate about providing a solution that allows American families to connect health and wealth.

Costa Rica

  • Lead end-to-end Third Party Risk Assessments for new and existing vendors.
  • Own the ongoing monitoring and tracking of vendor risk across Smartsheet's third-party portfolio.
  • Evaluate vendor security documentation and translate findings into clear, actionable risk summaries for stakeholders.

Smartsheet empowers people and teams to achieve anything. They provide tools for work management and scalable solutions, fostering a culture that values diverse perspectives and supports employee growth and impact.

$144,540–$180,960/yr
Canada

  • Own Security Governance: maintain and evolve security policies, standards, and control frameworks.
  • Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence, contracting handoffs, ongoing monitoring.
  • Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. The majority of their roles are remote. They offer competitive benefits anchored to the core value of people come first.

$80,000–$120,000/yr
US

  • Execute end-to-end third-party and vendor risk assessments.
  • Develop, maintain, and enhance risk metrics, dashboards, and reporting.
  • Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives.

Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.

US

  • Define and evolve security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
  • Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
  • Manage and hold accountable a third-party GRC services vendor, ensuring delivery quality, prioritization, and alignment to Clover’s risk appetite.

Clover Health is reinventing health insurance by combining data with human empathy to keep members healthier. They've created custom software and analytics to empower their clinical staff to intervene and provide personalized care. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

$151,000–$170,000/yr
Global Unlimited PTO 11w maternity

  • As the first dedicated InfoSec hire, you'll secure organizational systems, data, and operations.
  • You will develop and maintain a practical framework for securely deploying AI tools across the organization.
  • You will lead security incident response, investigate alerts, and coordinate containment.

Customer.io's platform is used by over 8,000 companies to send billions of messages daily. They power automated communication and help teams send smarter messages using real-time behavioral data, operating as a globally distributed, remote-first company.

US

  • Lead the development of executive-level reporting on IT risk and compliance.
  • Own and evolve the firm’s IT risk register and Risk & Control Self-Assessment (RCSA) program.
  • Analyze incident, change, and problem management data to identify trends and improvement opportunities.

Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. The firm has approximately 1,100 attorneys in 17 offices and fosters an entrepreneurial spirit and team-oriented approach for all employees.

Global

  • Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
  • Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking.
  • Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews.

HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.

Poland

  • Safeguard assets and global reputation, acting as a strategic partner.
  • Lead risk mitigation strategies and ensure compliance with global standards.
  • Develop a world-class GRC program that aligns with strategic goals.

EcoVadis is the leading provider of business sustainability ratings. Their solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.

US

  • Serve as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basis.
  • Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients.
  • Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment.

Reputation Management Consultants (RMC) is an affiliated organization with a premier advisory firm specializing in reputation management and strategic consulting for mid-market companies and high-profile clients. They are launching a dedicated cybersecurity division to address a critical truth their clients face every day: a data breach is a reputation event. They are building an AI-powered cybersecurity practice from the ground up.

US

  • Serve as a trusted advisor to CISOs, translating technical findings into business impact and cyber risk insights.
  • Own the end-to-end lifecycle of customer relationships and engagements, including onboarding and assessment coordination.
  • Drive long-term customer retention through consistent value realization and measurable outcomes.

Cye helps security and risk leaders gain a clear, defensible view of their cyber exposure, grounded in financial impact and real-world attack paths. They allow organizations to establish a strong baseline, prioritize decisions with confidence, and track measurable reduction over time.

India

  • Own end-to-end compliance strategy and operations.
  • Conduct risk assessments and identify compliance risks.
  • Build compliance programs from ground up and coordinate compliance audits.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.

US

  • Execute and enhance governance, risk, and compliance operations for Socure's public sector business, managing vulnerability remediation and audit readiness.
  • Coordinate external assessments, maintain FedRAMP/GovRAMP documentation, and automate evidence collection to meet rigorous framework standards.
  • Design automation-first continuous monitoring programs, lead vulnerability management, and serve as a security subject matter expert for public sector sales activities.

Socure builds identity trust infrastructure for the digital economy, verifying identities and preventing fraud. The company hires people who move fast, think critically, act like owners, and care deeply about solving customer problems.

US

  • Assess and Improve Current-State Governance.
  • Design Governance Structures, Decision Rights, and Accountability.
  • Build and Operationalize Governance Artifacts and Routines.

Artemis Connection is a strategic management consultancy working across the for-profit, public, and social sectors. They are passionate about helping innovative and entrepreneurial leaders reach their goals through a customized, project-based approach. The team is made up of seasoned consultants trained at organizations such as McKinsey & Company, BCG, Bain, Big 4 Strategy, and elite educational institutions.

$104,000–$174,000/yr
US

  • Owns end-to-end operating partner relationship, serving as the single point of accountability.
  • Develops relationships with the partner executive team and facilitates connections across companies.
  • Develops and executes a comprehensive vendor and partner management plan aligned with organizational goals.

Pathward is a financial empowerment company increasing financial availability, choice, and opportunity. They're a team of problem solvers and innovators who celebrate differences, embracing voices of employees, customers, partners, and communities.