Skip to content
ReplitReplitFoster City, CA

Third Party Risk Management and Customer Trust Lead

Lead substantive third-party risk management and customer trust programs at Replit, independently assessing vendor and AI model risks via SOC 2 reviews, architecture analysis, and contract redlining in partnership with Legal. Requires 8+ years GRC experience building scalable TPRM processes.

210k – 270k
Hybrid8+ YOESecurity Engineering

About the role

What You'll Do

  • Run substantive third-party risk management (TPRM), independently evaluating real risk, not just processing questionnaire responses.
  • Review SOC 2 reports, pen test findings, and architecture documentation to form an independent view of vendor risk, extending the same rigor to AI/model providers.
  • Partner with Legal on vendor and AI contract terms, including DPAs, subprocessor agreements, and AI-specific provisions.
  • Review contracts for non-standard security language when flagged by Legal or deal desk, and recommend redlines.
  • Maintain the vendor and AI/model risk register, feeding findings into the company's master risk register.
  • Enable sales through maturing the customer trust program.
  • Build the capability for continuous monitoring of vendor ecosystem.

Required Skills & Experience

  • 8+ years in third-party/vendor risk management, security risk, or a related GRC role.
  • Demonstrated ability to independently assess vendor risk rather than relying on questionnaire responses alone, fluent in reading SOC 2 reports, ISO certificates, pen test summaries, and architecture documentation.
  • Experience reviewing or redlining security and data-handling contract language, ideally in partnership with a legal team.
  • Working knowledge of data privacy fundamentals (GDPR, CCPA) as they relate to vendor and subprocessor relationships.
  • Strong cross-functional collaboration skills — this role touches Legal, Engineering, Product, and Sales regularly.
  • Experience building repeatable, scalable vendor review processes rather than inheriting an existing one.

Bonus Qualifications

  • Direct experience assessing foundation model providers or AI/ML vendors specifically.
  • Experience automating or streamlining third-party review workflows (e.g., continuous vendor monitoring, automated evidence pulls).
  • Familiarity with NIST AI RMF, ISO 42001, or the EU AI Act.
  • Background at an AI-native product company or an LLM/model provider.
  • Paralegal experience or formal contract review training.
  • Relevant certifications (CTPRP, CISSP, CIPP/E).

Benefits

  • Competitive Salary & Equity.
  • 401(k) Program with a 4% match (US Only).
  • Health, Dental, Vision and Life Insurance.
  • Short Term and Long Term Disability.
  • Paid Parental, Medical, Caregiver Leave.
  • Flexible Time Off (FTO) + Holidays.
  • Commuter Benefits (In-Office Only).
  • Monthly Wellness Stipend.
  • Autonomous Work Environment.
  • In Office Set-Up Reimbursement (In-Office Only).
  • Quarterly Team Gatherings.
  • In Office Amenities (In-Office Only).

Skills

Third-Party Risk ManagementSOC 2Penetration TestingVendor Risk AssessmentContract ReviewGDPRCCPANist Ai RmfIso 42001Eu Ai ActCisspCipp/E
Alembic

Lead Security Engineer

AlembicSan Francisco, CA

Lead Security Engineer to own end-to-end system, network, and host security for an on-prem Kubernetes-based AI factory. Design controls, lead incident response, balance open culture with IP/customer data protection; requires 8+ years security engineering with deep Kubernetes, on-prem, and incident experience.

210k – 240k
On-site8+ YOESecurity Engineering
Betterment

Sr. Engineering Manager, Application Security

BettermentNew York, NY

Senior Engineering Manager leading Application Security squad to build secure software by default through threat modeling, design reviews, vulnerability management, and developer tooling. Requires hands-on team leadership and expertise across the AppSec stack.

210k – 250k
Hybrid7+ YOESecurity Engineering
Replit

Senior Software Engineer, Fraud

ReplitFoster City, CA

Build and operate AI-powered fraud and abuse detection systems on Replit's agentic platform. Design LLM guardrails, ML classifiers, and automated response mechanisms to combat phishing, cryptomining, and platform exploitation.

210k – 265k
Hybrid4+ YOESecurity Engineering
Replit

Senior Software Engineer, Risk

ReplitFoster City, CA

Build and operate AI-powered abuse detection and response systems to protect Replit's platform from phishing, cryptomining, fraud, and LLM-specific attacks. Requires 4+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.

210k – 265k
Hybrid4+ YOESecurity Engineering
Replit

Senior Software Engineer, Trust & Safety

ReplitFoster City, CA

Build and operate AI-powered abuse detection and response systems for a developer platform. Focus on LLM guardrails, fraud detection, and automated enforcement across millions of daily actions.

210k – 265k
Hybrid4+ YOESecurity Engineering