Vendor Security Manager
Sierra
hackajob is collaborating with Sierra to connect them with exceptional professionals for this role.
About us
At Sierra, we’re creating a platform to help businesses build better, more human customer experiences with AI. We are primarily an in-person company based in San Francisco, with growing offices in Atlanta, New York, London, Paris, Madrid, Munich, Singapore, Japan, and Sydney.
We are guided by a set of values that are at the core of our actions and define our culture: Trust, Customer Obsession, Craftsmanship, Intensity, and Family. These values are the foundation of our work, and we are committed to upholding them in everything we do.
Our co-founders are Bret Taylor and Clay Bavor. Bret currently serves as Board Chair of OpenAI. Previously, he was co-CEO of Salesforce (which had acquired the company he founded, Quip) and CTO of Facebook. Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before founding Sierra, Clay spent 18 years at Google, where he most recently led Google Labs. Earlier, he started and led Google’s AR/VR effort, Project Starline, and Google Lens. Before that, Clay led the product and design teams for Google Workspace.
The Role
We're looking for a Vendor Security Manager to join Sierra's Security team. The security of our Conversational AI Platform depends on the security of everything connected to it, the vendors, model providers, infrastructure partners, and supply chain dependencies that enable how Sierra operates and scales.
You'll build and scale Sierra's vendor security program from the ground up, conducting deep technical assessments, developing frameworks purpose-built for AI vendor risk, and driving security decisions across all of Sierra's third-party security relationships. This is a hands-on role that requires both technical depth and strong judgment. You’ll help Sierra make informed trade-offs between speed, scale, and security in a business that moves fast and operates in regulated industries.
We value people who are energized by uncertainty and who can form a credible point of view even with incomplete information and can get more rigorous as the situation sharpens.
What You'll Do
Program Ownership & Security Risk Management
Be the interface between Security and Sierra teams on everything vendor security related, drive risk conversations, and keep the program moving.
Own vendor security risk decisions and escalation paths end-to-end, including clear documentation of risk acceptance rationale, mitigation plans, and trade-offs.
Build and continuously improve the vendor security program methodology, tooling, risk tiering, monitoring, and response, scaling it intelligently as Sierra's vendor footprint grows.
Assess and manage security risk across Sierra's full third-party landscape, recognizing that vendors, strategic partners, and contractors carry distinct risk profiles and require tailored oversight. A technology partner with deep API integration is a different security conversation than a SaaS tool or a contractor with scoped environment access — the program you build should reflect that.
Ensure the program meets audit and regulatory expectations across SOC 2, PCI DSS, FedRAMP, ISO 42001, ISO 27001, and emerging AI governance frameworks that hold up under enterprise customer and regulator scrutiny.
Technical Assessment & Supply Chain
Conduct deep, evidence-based security assessments across Sierra's vendor landscape SaaS providers, cloud and infrastructure partners, AI and model providers, and strategic suppliers including reviewing architectures, IAM configurations, access scopes, and vulnerability assessments.
Develop assessment frameworks for AI and model vendors that address risks specific to how these systems actually work including prompt data handling, training data practices, inference infrastructure access, and model supply chain integrity.
Develop and maintain a model provider oversight program that reflects Sierra's reality of working across a constellation of LLM and AI model vendors. That means understanding each provider's data handling commitments, inference infrastructure security, model update and versioning practices, and what contractual and technical controls govern how Sierra's data moves through each. When a model provider changes terms, updates a model, or discloses a security issue, you're the person who understands what it means for Sierra and what to do about it.
Map and monitor Sierra's full supply chain surface, including fourth parties and subprocessors, with visibility into software dependencies, open source components, and AI model provenance.
Think in blast radius. Understand what's reachable if they're compromised data flows, network adjacency, privilege scope, lateral movement paths and let that analysis drive technical controls and contractual requirements.
Automation & Visibility
Build detection logic and automated alerting that fires when a vendor's security posture degrades lapsed certifications, exposed services, configuration drift, or new vulnerability disclosures so Sierra's response is proactive.
Automate evidence collection and control validation across the vendor portfolio, reducing the manual overhead of assessment cycles and creating an audit trail that holds up under scrutiny.
Build integrations between vendor security tooling and Sierra's internal systems, procurement workflows and Slack alerting so risk signals reach the right people quickly and efficiently.
Use AI and tooling to analyze vendor documentation at scale and surface risk signals early and continuously. Develop dashboards and reporting that give leadership real visibility into vendor risk posture, remediation velocity, assessment coverage, and aging findings.
Who You'll Work With
You’ll work with Platform Engineering, Security Engineering, Legal, Operations and Finance teams to understand IAM boundaries, model provider’s API access and infrastructure scaling.
You'll partner on understanding what vendors actually have access to, how third-party components sit inside Sierra's architecture, and how supply chain security gets built into how Sierra ships.
What You'll Bring
10 or more years in information security with real depth in vendor security, third-party risk, or GRC in a regulated environment financial services, healthcare, government, or enterprise SaaS. You've made consequential risk decisions under pressure and know what it means to be accountable for them.
Technical fluency in cloud security, AWS and GCP IAM, VPC architecture, encryption, logging and monitoring, shared responsibility models at a level where you can assess what a vendor's architecture actually means for Sierra's exposure, not just whether their controls list maps to a framework.
Deep working knowledge of ISO 27001, NIST 800-53, SOC 2, PCI DSS, and FedRAMP as they apply to third-party oversight. You understand what auditors are actually looking for and build programs that hold up because they're rigorous, not just well-documented.
Experience building automations, integrations, or detection logic whether through GRC tooling, APIs, or scripting that reduce manual work and surface risk signals faster. You think about scale from the start.
Genuine curiosity about AI security model supply chains, prompt data handling, adversarial ML, and the governance frameworks being built around AI systems. You don't need to have all the answers, but this space should excite you.
The ability to communicate complex risk clearly to engineers, and auditors without losing precision or confidence. Your assessments and risk decisions need to be technically sound and immediately legible to people with very different backgrounds.
Comfort operating in ambiguity and fast-moving environments where the challenges are new, the regulatory frameworks are still forming, and learning on the job is part of the work.
Even Better
You've built a vendor security program from scratch and know what you'd do differently.
You have experience with AI or ML vendors and a developing point of view on what good looks like.
You're familiar with software supply chain security, SBOM and dependency integrity.
You've built or led implementation of GRC, TPRM, supply chain security tooling.
You hold a CISSP, CISA or have led ISO 27001, PCI DSS or other compliance programs in the past.
Our values
Trust: We build trust with our customers with our accountability, empathy, quality, and responsiveness. We build trust in AI by making it more accessible, safe, and useful. We build trust with each other by showing up for each other professionally and personally, creating an environment that enables all of us to do our best work.
Customer Obsession: We deeply understand our customers’ business goals and relentlessly focus on driving outcomes, not just technical milestones. Everyone at the company knows and spends time with our customers. When our customer is having an issue, we drop everything and fix it.
Craftsmanship: We get the details right, from the words on the page to the system architecture. We have good taste. When we notice something isn’t right, we take the time to fix it. We are proud of the products we produce. We continuously self-reflect to continuously self-improve.
Intensity: We know we don’t have the luxury of patience. We play to win. We care about our product being the best, and when it isn’t, we fix it. When we fail, we talk about it openly and without blame so we succeed the next time.
Family: We know that balance and intensity are compatible, and we model it in our actions and processes. We are the best technology company for parents. We support and respect each other and celebrate each other’s personal and professional achievements.
What we offer
We want our benefits to reflect our values and offer the following to full-time employees:
Flexible (unlimited) paid time off
Medical, dental, and vision benefits for you and your family
Life insurance and disability benefits
Retirement plan dependent on country of employment
Parental leave
Fertility and family building benefits through Carrot
Lunch, as well as delicious snacks and coffee to keep you energized
Discretionary benefit stipend giving people the ability to spend where it matters most
Free alphorn lessons
These benefits are further detailed in Sierra's policies, may vary by region, and are subject to change at any time, consistent with the terms of any applicable compensation or benefits plans. Eligible full-time employees can participate in Sierra's equity plans subject to the terms of the applicable plans and policies.
Be you, with us
We're working to bring the transformative power of AI to every organization in the world. To do so, it is important to us that the diversity of our employees represents the diversity of our customers. We believe that our work and culture are better when we encourage, support, and respect different skills and experiences represented within our team. We encourage you to apply even if your experience doesn't precisely match the job description. We strive to evaluate all applicants consistently without regard to race, color, religion, gender, national origin, age, disability, veteran status, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.
$82.2k - $148.2k
...coaches. That’s how we’re UNSTOPPABLE for our employees! The Vendor Manager at T-Mobile is responsible for leading and supporting supplier... ...relationships. (Required) Negotiation – Strong negotiation skills to secure favorable terms and manage costs effectively in vendor...SuggestedFull timeContract workTemporary workPart timeWork experience placementLocal areaFlexible hours- OpenAI is looking for a Global Vendor Manager based in San Francisco, CA, to develop and enhance the vendor operating model for their Ads team. This role is pivotal for managing vendor relationships and ensuring operational best practices. The ideal candidate should have...SuggestedRelocation package
- ...scalable systems that drive customer acquisition, revenue growth, and exceptional customer experiences. About the Role Global Vendor Manager to build and scale the vendor operating model that powers our Ads business globally. This is a highly cross‑functional individual...SuggestedWork at officeRelocation package
- ...CTO of Facebook. Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before founding Sierra, Clay... ...inference and data platforms. Build a centralized and evolving security controls library mapped to compliance, regulatory and customer...SuggestedFull timeFlexible hours
- ...CTO of Facebook. Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before founding Sierra, Clay... ...a seasoned Customer Trust Enablement professional to join the Security Foundations and GRC team. This is a role for someone with 10+ years...SuggestedFull timeContract workFlexible hours
$100k - $155k
...actions across multiple technical teams and service areas. Track and manage cybersecurity activities, ensuring directed actions are... ...and status updates for stakeholders. Coordinate with designated security personnel and operational teams to ensure alignment on security...$144k - $162k
Legal Vendor Program Manager Discord is looking for a Legal Vendor Program Manager to join our growing legal team. In this role, you will own... ...including collaborating with internal teams on conflict and security review and troubleshooting setup and access issues Develop,...Full timeContract workWork at office2 days per week- ...Job Title You will own how Parallel thinks about and secures its platform. You will set the direction, lead the security program, and be the technical leader that engineering, legal, and leadership lean on as we become the default web intelligence layer for AI. The...Work at officeVisa sponsorship
$138k - $219k
...Security Architecture Manager Location: New York City, Los Angeles, San Francisco The Protiviti Career provides opportunity to learn, inspire, and advance within a collaborative and inclusive culture. We hire curious individuals for whom learning is a passion. We...Full timeWork at officeLocal areaRemote workFlexible hours- ...CTO of Facebook. Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before founding Sierra, Clay... ...teams for Google Workspace. What you’ll do Drive high-impact security and infrastructure initiatives end-to-end. Lead complex, cross...Full timeFlexible hours
$83.66k - $104.56k
...Meaningful and rewarding work Vi at Palo Alto is located at 620 Sand Hill Road, Palo Alto CA 94304 Responsibilities: Security and Safety Manager An opportunity exists on our highly accomplished resident services team to manage the security personnel. The...- Discord is seeking a Legal Vendor Program Manager in San Francisco to oversee legal vendor relationships and manage e-billing platforms effectively. This role aims to enhance accountability and cost-effectiveness across legal operations while collaborating with attorneys...
$159k - $196k
...and operations platform. From component sourcing to end customer management, we enable and create value for Waymo through scaled and... ...the primary escalation lead by driving end-to-end resolution of vendor issues, utilizing a centralized tracker to identify root causes...Permanent employmentFull timeRemote work$96.8k - $126k
...Job Overview: Category Manager Keurig Dr Pepper (KDP) is looking for a highly motivated, analytically minded professional to join its West Business Unit Category Management team. The role plays a valuable role by assisting in providing strategic, consultative...Work at office$195k - $205k
...turn their unstructured data into insights instantly. As Security & Compliance Manager , you’ll be responsible for building and managing out our... ...ll do Formulate and drive GRC roadmap, security policies, vendor security reviews and security training Initiate, own and lead...Work at officeFlexible hoursWeekend work$80k - $95k
...VMD Corp is looking for a Terminal Operations Manager at San Francisco International Airport (SFO) to lead and manage TSA security operations. The successful candidate will have at least 5 years of management experience in aviation security, excellent communication skills...Work at office$165k - $175k
Integrated Security Operations Manager (Hybrid), San Francisco We are seeking an Integrated Security Operations Manager to join our Corporate team... ...alignment with client expectations. The position manages vendor and employee teams, provides supervisory oversight,...Contract workLocal areaImmediate startRemote workWorldwideOverseasVisa sponsorship- Salesforce, Inc. is seeking a Manager - Governance, Risk and Compliance Security Automation. This role involves leading the design, deployment, and scaling of compliance automation capabilities. You will define roadmaps to automate compliance workflows and lead a team...Full time
$165k - $175k
Concentric, located in San Francisco, is seeking an Integrated Security Operations Manager to oversee embedded teams. This role requires collaboration with various departments while managing client relationships and resources. The ideal candidate will have significant experience...- ...doing the most important work of your career. About the team The Security Incident Response team is responsible for triaging and... ...Europe, and Asia. What you’ll do You will leverage your security management experience to improve incident response capabilities at Stripe...
- Salesforce.com, inc. is seeking a Manager of Governance, Risk and Compliance Security Automation in San Francisco. This role involves leading the design and scaling of compliance automation capabilities within Security and driving the strategic roadmap for automating compliance...
- Overview Founded in 1973, Inter-Con Security Systems, Inc. is a leading global security company, providing a full range of physical security... ...employs over 35,000 security personnel worldwide, trained and managed by a team of professionals with unsurpassed military, law...Contract workWork at officeWorldwideShift work
- ...strategic category planning, supplier negotiations, and contract management to drive value, resilience, and sustainability across the... ...competitive bidding processes, including RFPs, RFIs, and negotiations to secure best-value agreements. Negotiates, drafts, and manages...Contract workWork experience placementWork at officeRemote work
- Autodesk is hiring a Manager of Security Incident Response Operations in San Francisco, CA. This role involves leading a talented team of security analysts to manage high-impact investigations and drive operational excellence in incident response. The candidate should have...
- Centaur Labs is seeking a Manager of Governance, Risk and Compliance Security Automation located in San Francisco. This role involves leading teams to innovate compliance automation solutions, integrating engineering with compliance tasks to streamline the process. The...
$275k - $300k
...or connect with Postman on X via @getpostman. The Information Security organization at Postman operates across three pillars: Governance... ...Postman’s scale. The Opportunity We are looking for a Senior Manager, Offensive Security who is as much a strategist as they are a hacker...Flexible hours- Harvey is looking for a Director of Security Engineering to shape the security foundations for our company. This role involves defining strategies for security systems and leading a dedicated team. The ideal candidate will have extensive software engineering and leadership...
$190k - $251k
...close cases with unprecedented clarity and precision. Senior Manager of Security Intelligence You will provide strategic leadership,... ...execution roadmaps, managing operational budgets, and optimizing vendor ecosystems. Executive Communication: You possess exceptional...Shift work$285k - $350k
...getting started. Role Overview We're looking for a Director of Security Engineering to build and scale the security foundations that... ...security engineering platform, including identity and access management, security tooling, and the systems that help engineers build and...$240k - $310k
...Candid Health Security Leader You will be the first dedicated security leader at Candid Health. You won't just be managing a checklist; you will be building the team and systems that... ...party Relationships: Coordinate with vendors for penetration testing and other security...Flexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Vendor Security Manager. Be the first to apply!
- global category manager San Francisco, CA
- category manager San Francisco, CA
- category manager beauty San Francisco, CA
- vendor manager San Francisco, CA
- category manager packaging San Francisco, CA
- corporate security manager San Francisco, CA
- security systems manager San Francisco, CA
- security manager San Francisco, CA
- security engineering manager San Francisco, CA
- program manager with security clearance San Francisco, CA


