We are seeking an experienced Information Security Client & Vendor Risk Manager to lead the firm's client and vendor risk management program. The successful candidate will serve as the primary point of contact for information security due diligence, client security assessments, and third-party vendor reviews. The ideal candidate will have 6+ years of experience in Information Security, Vendor Risk, Cybersecurity Compliance, or Governance, Risk & Compliance (GRC).
Key Highlights
Key Responsibilities
Technical Skills Required
Benefits & Perks
Nice to Have
Job Description
We're partnering with a leading international Am Law firm to identify an experienced Information Security Client & Vendor Risk Manager to join their Information Security team.
This individual will own the firm's client and vendor risk management program, serving as the primary point of contact for information security due diligence, client security assessments, and third-party vendor reviews. You'll work cross-functionally with Information Security, Procurement, Legal, and firm leadership to strengthen the firm's security posture while supporting client and regulatory requirements.
Responsibilities:
- Lead the firm's client and vendor security due diligence program
- Conduct enterprise-level vendor risk assessments and review SOC 2, ISO 27001, and other security documentation
- Partner with internal stakeholders on security requirements, contracts, and risk mitigation
- Support client security audits, RFPs, and compliance reviews
- Develop and enhance vendor risk frameworks, workflows, and monitoring processes
- Stay current on cybersecurity regulations and emerging industry risks
- Mentor junior team members and drive continuous process improvements
Interested in remote work opportunities in Development & Programming? Discover Development & Programming Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.
Qualifications:
- 6+ years of experience in Information Security, Vendor Risk, Cybersecurity Compliance, or Governance, Risk & Compliance (GRC)
- Strong knowledge of SOC 2, ISO 27001, NIST CSF, HIPAA, GLBA, and privacy regulations
- Experience leading enterprise vendor risk assessments and client security reviews
- Excellent communication skills with the ability to present to executive leadership and clients
- Professional certifications such as CISSP, CISM, CISA, CRISC, CTPRA, or ISO 27001 Lead Implementer/Auditor required
Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.
Location: Fully Remote (occasional travel for business or team meetings)
If you're interested in learning more, feel free to apply or send me a message directly.
Similar Jobs
Explore other opportunities that match your interests