- Location
- San Jose, Costa Rica
- Workplace
- Hybrid
- Type
- Full-time
- Department
- Legal
- Source
- Workday
Description
About this job opportunity
Our Vision
To be the world's most trusted global payroll partner, simplifying pay for all employees.
Our Mission
Empowering global workforces with seamless, compliant, and innovative payroll and payment solutions, enabling businesses to thrive in a connected world.
Our People
Our fundamental beliefs at CloudPay are built on core values of professionalism, passion, empowerment, innovation, and teamwork. We value our employees and strive to create a great workplace where everyone is valued, heard, inspired, and encouraged to bring their authentic selves to work. We're committed to providing an excellent employee experience through fulfilling projects, empowerment to make a difference, and an environment that inspires innovation.
What makes this role exciting:
The Security Compliance Specialist (Third-Party Risk) is an experienced individual contributor responsible for supporting and enhancing CloudPay's global Third-Party Risk Management (TPRM) framework.
This role primarily focuses on the oversight of third-party vendors, ensuring risks are identified, assessed, mitigated, and monitored throughout the vendor lifecycle. The Specialist will play a key role in maintaining robust governance, regulatory compliance, and effective risk management across supplier relationships.
In addition, the role supports the integration of emerging risk domains, particularly Artificial Intelligence (AI), into the TPRM framework. Experience in AI risk management and governance is advantageous, enabling the Specialist to contribute to the oversight of vendors delivering AI-enabled, automated, or data-driven services.
Main responsibilities:
Third-Party Risk Management (Primary Focus)
Conduct vendor due diligence and risk assessments.
Evaluate suppliers across information security, data privacy, operational resilience, and regulatory compliance domains.
Review SOC reports, ISO certifications, security policies, and control evidence.
Maintain vendor risk scoring and tiering models.
Provide risk ratings and recommendations to support business decisions.
Risk Assessment & Due Diligence
Perform in-depth reviews of high-risk and critical suppliers.
Identify risks, control gaps, and remediation actions.
Work with vendors to address deficiencies and track progress.
Support contract reviews to ensure appropriate risk controls are included.
Monitoring & Governance
Monitor vendor risks through periodic reviews and trigger events.
Manage third-party risk issues, incidents, and exceptions.
Support reporting, escalation, and remediation activities.
Framework Improvement
Enhance TPRM processes, tools, and reporting.
Support automation and scalability of risk management activities.
Align practices with regulations such as GDPR, DORA, and outsourcing guidance.
Stakeholder Management
Partner with Security, Legal, Compliance, Procurement, and Technology teams.
Advise on vendor risk during procurement and onboarding.
Support audits, regulatory reviews, and client due diligence requests.
AI Risk & Governance (Desirable)
Assess AI-enabled vendors and data-driven services.
Evaluate AI-related risks including privacy, governance, bias, fairness, and explainability.
Support the integration of AI governance into existing TPRM processes.
Stay informed on AI regulations such as the EU AI Act.
Experience needed for this role:
Strong background in Third-Party Risk Management, Supplier Risk, Technology Risk, or Operational Risk.
Hands-on experience conducting vendor assessments and due diligence.
Knowledge of SaaS/vendor risk reviews and TPRM methodologies.
Understanding of GDPR, DORA, and related regulatory frameworks.
Desirable Experience
Exposure to AI/ML technologies and AI governance.
Experience reviewing AI-enabled vendors and emerging technology risks.
Key Skills:
Risk identification, assessment, and control evaluation.
Cyber, privacy, operational, and compliance risk analysis.
Ability to interpret technical security documentation.
Strong analytical, report-writing, communication, and stakeholder-management skills
About you and Our core values
Taking ownership, working with integrity and respect
Being a team player is key to our culture
Solution and customer focused
Great initiative with the goal for excellence in achieving results
Dedicated to developing and always looking for continuous improvements
Be creative, be committed, be engaged and enjoy what you do
Costa Rica
Competitive Salary
Competitive vacation allowance
Calm app
Preventive Medical Check Up
MediSmart Business Plan
MAPFRE Medical Benefits
EAP
Wellbeing Allowance
MAPFRE Vision Benefit
Life Insurance and Total & Permanent Disability
WFH Allowance
Employee Referral Program
Paid Volunteering days
Bereavement Leave
Marriage Leave
Paid Sick Days
CloudPay is committed to being an equal opportunities employer. #LI-AC1 #LI-HYBRID
The CloudPay culture is built upon on five core values, from which we develop our service, our technology and our business strategies. Our fundamental beliefs are a promise to our employees, customers and partners, built on the core values of professionalism, passion, empowerment, innovation, and teamwork.
Glassdoor