Hiring.Camp

Security Compliance Specialist (Third-Party Risk)

Cloudpay

·

3 days ago

Location
San Jose, Costa Rica
Workplace
Hybrid
Type
Full-time
Department
Legal
Source
Workday

Description

About this job opportunity
 

Our Vision

To be the world's most trusted global payroll partner, simplifying pay for all employees.

Our Mission

Empowering global workforces with seamless, compliant, and innovative payroll and payment solutions, enabling businesses to thrive in a connected world.

Our People

Our fundamental beliefs at CloudPay are built on core values of professionalism, passion, empowerment, innovation, and teamwork. We value our employees and strive to create a great workplace where everyone is valued, heard, inspired, and encouraged to bring their authentic selves to work. We're committed to providing an excellent employee experience through fulfilling projects, empowerment to make a difference, and an environment that inspires innovation.

What makes this role exciting:

The Security Compliance Specialist (Third-Party Risk) is an experienced individual contributor responsible for supporting and enhancing CloudPay's global Third-Party Risk Management (TPRM) framework.

This role primarily focuses on the oversight of third-party vendors, ensuring risks are identified, assessed, mitigated, and monitored throughout the vendor lifecycle. The Specialist will play a key role in maintaining robust governance, regulatory compliance, and effective risk management across supplier relationships.

In addition, the role supports the integration of emerging risk domains, particularly Artificial Intelligence (AI), into the TPRM framework. Experience in AI risk management and governance is advantageous, enabling the Specialist to contribute to the oversight of vendors delivering AI-enabled, automated, or data-driven services.

Main responsibilities:

Third-Party Risk Management (Primary Focus)

  • Conduct vendor due diligence and risk assessments.

  • Evaluate suppliers across information security, data privacy, operational resilience, and regulatory compliance domains.

  • Review SOC reports, ISO certifications, security policies, and control evidence.

  • Maintain vendor risk scoring and tiering models.

  • Provide risk ratings and recommendations to support business decisions. 

Risk Assessment & Due Diligence

  • Perform in-depth reviews of high-risk and critical suppliers.

  • Identify risks, control gaps, and remediation actions.

  • Work with vendors to address deficiencies and track progress.

  • Support contract reviews to ensure appropriate risk controls are included. 

Monitoring & Governance

  • Monitor vendor risks through periodic reviews and trigger events.

  • Manage third-party risk issues, incidents, and exceptions.

  • Support reporting, escalation, and remediation activities. 

Framework Improvement

  • Enhance TPRM processes, tools, and reporting.

  • Support automation and scalability of risk management activities.

  • Align practices with regulations such as GDPR, DORA, and outsourcing guidance.

Stakeholder Management

  • Partner with Security, Legal, Compliance, Procurement, and Technology teams.

  • Advise on vendor risk during procurement and onboarding.

  • Support audits, regulatory reviews, and client due diligence requests. 

AI Risk & Governance (Desirable)

  • Assess AI-enabled vendors and data-driven services.

  • Evaluate AI-related risks including privacy, governance, bias, fairness, and explainability.

  • Support the integration of AI governance into existing TPRM processes.

  • Stay informed on AI regulations such as the EU AI Act.

Experience needed for this role:

  • Strong background in Third-Party Risk Management, Supplier Risk, Technology Risk, or Operational Risk.

  • Hands-on experience conducting vendor assessments and due diligence.

  • Knowledge of SaaS/vendor risk reviews and TPRM methodologies.

  • Understanding of GDPR, DORA, and related regulatory frameworks.

Desirable Experience

  • Exposure to AI/ML technologies and AI governance.

  • Experience reviewing AI-enabled vendors and emerging technology risks.

Key Skills:

  • Risk identification, assessment, and control evaluation.

  • Cyber, privacy, operational, and compliance risk analysis.

  • Ability to interpret technical security documentation.

  • Strong analytical, report-writing, communication, and stakeholder-management skills

About you and Our core values

  • Taking ownership, working with integrity and respect

  • Being a team player is key to our culture

  • Solution and customer focused

  • Great initiative with the goal for excellence in achieving results

  • Dedicated to developing and always looking for continuous improvements

  • Be creative, be committed, be engaged and enjoy what you do

Costa Rica

  • Competitive Salary

  • Competitive vacation allowance

  • Calm app

  • Preventive Medical Check Up

  • MediSmart Business Plan

  • MAPFRE Medical Benefits

  • EAP

  • Wellbeing Allowance

  • MAPFRE Vision Benefit

  • Life Insurance and Total & Permanent Disability

  • WFH Allowance

  • Employee Referral Program

  • Paid Volunteering days

  • Bereavement Leave

  • Marriage Leave

  • Paid Sick Days

CloudPay is committed to being an equal opportunities employer. #LI-AC1 #LI-HYBRID

 

The CloudPay culture is built upon on five core values, from which we develop our service, our technology and our business strategies. Our fundamental beliefs are a promise to our employees, customers and partners, built on the core values of professionalism, passion, empowerment, innovation, and teamwork.
Glassdoor

Skills

SOCRisk ManagementComplianceProcurementGDPR

Similar Jobs

30

Security Compliance Specialist

TARGAN · Raleigh, NC

6 days ago

Security & Compliance Specialist

ITPS (Canada) LTD · North Bay, Ontario, Canada

3 weeks ago

Security & Compliance Specialist

Professional Kyndryl · PELML Lima (PELML) La Molina, Peru · Remote

1 month ago

Security Compliance Specialist

Jetbrains · Amsterdam, Netherlands; Berlin, Germany; Limassol, Cyprus; Madrid, Spain; Munich, Germany; Paphos, Cyprus; Prague, Czech Republic; Remote, Germany; Warsaw, Poland · Remote

8 months ago

Supply Chain Security Compliance Specialist, Supply Chain Intellectual Property Security

Amazon · Onsite

Today

CYBER SECURITY COMPLIANCE SPECIALIST - VOIS

Vodafone · Pune, MH,IN, IN

5 days ago

Senior Information Security Compliance Specialist

Boeing · USA - Arlington, VA, United States of America +8 · Hybrid

1 week ago

Senior Information Security Compliance Specialist

Boeing · USA - Arlington, VA, United States of America +8 · Hybrid

1 week ago

Corporate Security & Compliance Specialist

Gigaenergy · Houston +1

1 week ago

Senior Compliance Security Specialist

Canadian Tire Corporation · Oakville 01, Canada

1 week ago

IT Security & Compliance Specialist II

Nc · 1915 Health Services Way Wake · Hybrid

2 weeks ago

IT Specialist - Security & Compliance

LAV - LEGA ANTI VIVISEZIONE · Roma, Lazio, Italy · Hybrid

1 month ago

Senior Security Compliance Specialist

KMS Technology · Ho Chi Minh City, Ho Chi Minh, Vietnam · hybrid

1 month ago

GRC Security Compliance Specialist

NTT DATA · Plano, TX,US, US · Remote

1 month ago

Information Security Compliance Specialist

Business Operations and Legal · LONDON, United Kingdom, GB

1 month ago

CYBER SECURITY COMPLIANCE SPECIALIST - VOIS

Vodafone · Pune, MH,IN, IN

1 month ago

IT Security & Compliance Specialist

Nexi · Estonia, EE · Hybrid

1 month ago

Senior IT Security Compliance Specialist

EcoVadis · Warsaw, Masovian Voivodeship, Poland · Remote

1 month ago

Senior Security Compliance Specialist

KMS Technology · Ho Chi Minh City, Ho Chi Minh, Vietnam

2 months ago

Senior Security Compliance Specialist

Adobe · Sydney, Australia

2 months ago

Cyber Security & Compliance Specialist

MW_enterprise · Upper Marlboro, MD

2 months ago

Cyber Security & Compliance Specialist

Melwood Horticultural Training Center Inc. · Upper Marlboro

2 months ago

Sr. Security Compliance Specialist

DoorDash USA · United States - Remote · Remote

2 months ago

Information Technology Security & Compliance Specialist (Full-time Hybrid, Morrisville, NC Based)

Alliance Health · Morrisville

3 months ago

Information Security Compliance Specialist

Securiport · Reston, Virginia

5 months ago

Senior Security Compliance Specialist

Acronis · Bulgaria +3 · Remote

5 months ago

Technical Security Compliance Specialist

Site kandidaatervaring · Netherlands, NL

8 months ago

Information Security Compliance Specialist

Tactibit Technologies LLC · Suitland, MD, US

1+ year ago

AWS Security Controls Specialist, AWS Compliance & Security Assurance

Amazon

Today

Security Specialist SA, EMEA Security and Compliance Specialist SA

Amazon

Today