at Replit
Location
Foster City, CA
Compensation
$210k–$270k USD
Type
full time
Posted
Yesterday
Remote
Yes
Market range · function + seniority
p25 · target · p75 · n=800
Posted $270k · well above market
Tailor your résumé to this role in 30 seconds.
Free account · ATS keyword check · per-job bullet rewrite by Claude.
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation.
Replit’s ecosystem is powered by an expanding array of external services and essential AI model partners. As our lead for Security Vendor Risk & Contract Reviews, you will architect and execute a risk management program focused on substantive evaluation rather than just processing checklists. You’ll analyze SOC 2 documentation, security assessments, and system architectures to determine actual risk profiles, collaborating with our Legal team to secure necessary contractual protections. This role reports to the Head of Security GRC and involves high-impact partnerships across Legal, Engineering, and Product teams.
Run substantive third-party risk management (TPRM), independently evaluating real risk, not just processing questionnaire responses
Review SOC 2 reports, pen test findings, and architecture documentation to form an independent view of vendor risk, extending the same rigor to AI/model providers
Partner with Legal on vendor and AI contract terms, including DPAs, subprocessor agreements, and AI-specific provisions
Review contracts for non-standard security language when flagged by Legal or deal desk, and recommend redlines
Maintain the vendor and AI/model risk register, feeding findings into the company's master risk register
Enable sales through maturing the customer trust program
Build the capability for continuous monitoring of vendor ecosystem
8+ years in third-party/vendor risk management, security risk, or a related GRC role
Demonstrated ability to independently assess vendor risk rather than relying on questionnaire responses alone, fluent in reading SOC 2 reports, ISO certificates, pen test summaries, and architecture documentation
Experience reviewing or redlining security and data-handling contract language, ideally in partnership with a legal team
Working knowledge of data privacy fundamentals (GDPR, CCPA) as they relate to vendor and subprocessor relationships
Strong cross-functional collaboration skills — this role touches Legal, Engineering, Product, and Sales regularly
Experience building repeatable, scalable vendor review processes rather than inheriting an existing one
Direct experience assessing foundation model providers or AI/ML vendors specifically
Experience automating or streamlining third-party review workflows (e.g., continuous vendor monitoring, automated evidence pulls) is a plus
Familiarity with NIST AI RMF, ISO 42001, or the EU AI Act
Background at an AI-native product company or an LLM/model provider
Paralegal experience or formal contract review training
Relevant certifications (CTPRP, CISSP, CIPP/E)
This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.
Full-Time Employee Benefits Include:
💰 Competitive Salary & Equity
💹 401(k) Program with a 4% match (US Only)
⚕️ Health, Dental, Vision and Life Insurance
🩼 Short Term and Long Term Disability
🚼 Paid Parental, Medical, Caregiver Leave
🏝 Flexible Time Off (FTO) + Holidays
🚗 Commuter Benefits (In-Office Only)
📱 Monthly Wellness Stipend
🧑💻 Autonomous Work Environment
🖥 In Office Set-Up Reimbursement (In-Office Only)
🚀 Quarterly Team Gatherings
☕ In Office Amenities (In-Office Only)
Want to learn more about what we are up to?
Interviewing + Culture at Replit
To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.
More open roles at Replit
Hiring velocity, headcount trend, and every open posting on one page.
Open postings ranked by description similarity — useful if this role isn't quite right.