Toast

India

Staff Security Assurance Engineer, Third Party Risk Management

Full-time, Remote
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Staff Security Assurance Engineer, Third Party Risk Management in India.
As a Staff Security Assurance Engineer focused on third-party risk management, you will lead the design, implementation, and maturation of a comprehensive third-party risk program. You will assess and monitor vendor security controls, ensure compliance with global standards, and collaborate across teams to strengthen security practices. This role offers a high-impact opportunity to influence security risk posture, provide confidence to internal stakeholders and clients, and drive program improvements. Operating remotely within India, you will work closely with leadership and technical teams to implement best practices in security assurance, audits, and contractual compliance. Ideal candidates are experienced security professionals who are self-driven, detail-oriented, and skilled at managing complex third-party risk scenarios.

Accountabilities:

  • Own and manage the organization’s third-party risk management program.
  • Evaluate vendor security program maturity, controls, and documentation through assessments and audits.
  • Maintain assessment procedures, program documentation, and vendor contract security language.
  • Identify opportunities to enhance program maturity and implement risk management improvements.
  • Develop, monitor, and report on third-party risk management metrics.
  • Collaborate with cross-functional teams including Procurement, IT, Security, and Legal.
  • Support audits, virtual or onsite, to validate vendor security posture.

Requirements:

  • Bachelor’s degree in Computer Science or related field, or equivalent experience.
  • 10+ years of experience in security, with at least 4 years in third-party risk management.
  • Proven experience managing and improving third-party risk programs.
  • Expertise in conducting vendor security assessments and audits.
  • Strong understanding of security controls, regulations, and standards (SOC 2, PCI, ISO 27001, etc.).
  • Experience collaborating with internal Legal teams on security language in vendor contracts.
  • Knowledge of classifying vendors by criticality and security risk is preferred.
  • Familiarity with Jira and security certifications such as CISSP is preferred.
  • Strong communication and organizational skills, with ability to work with both individual contributors and senior leadership.

Benefits:

  • Competitive compensation package.
  • Flexible and inclusive work environment.
  • Health and wellness benefits tailored for employees in India.
  • Opportunities for professional growth and certification support.
  • Remote work flexibility with collaboration across teams.
  • Inclusive culture emphasizing diversity, equity, and belonging.