Asana, 28.04.2026

Security Risk and Compliance Lead

Warsaw

Responsibilities

  • Own and scale Asana’s TPRM program: design, implement, and continuously improve a risk-based framework for assessing and managing third-party vendors and service providers
  • Lead vendor security assessments: conduct and oversee security due diligence for new and existing vendors, including reviewing SOC 2 reports, ISO 27001 certifications, security questionnaires (SIG, CAIQ), and other relevant documentation
  • Drive remediation and risk acceptance: track and manage open findings from vendor assessments, work with internal stakeholders to prioritize remediation, and facilitate formal risk acceptance processes where appropriate
  • Manage ongoing third-party monitoring: develop and execute a continuous monitoring strategy for critical and high-risk vendors, including periodic reassessments, breach notifications, and security posture updates
  • Review security provisions in vendor contracts: collaborate with Legal and Privacy teams to assess and negotiate security-related clauses in vendor agreements, data processing addenda, and subprocessor agreements
  • Report on TPRM program health: develop metrics and reporting to communicate the state of third-party risk to senior leadership and relevant stakeholders
  • Support audit and compliance activities by providing evidence of TPRM program effectiveness, including for SOC 2, ISO 27001, and customer audits
  • Operate globally: work with a global team to ensure appropriate coverage and coordination across time zones, supporting vendor assessments and risk decisions that span multiple regions

Requirements

  • 5+ years of experience in third-party risk management, vendor risk assessment, or a related information security discipline
  • Strong knowledge of TPRM frameworks and standards, including SIG, CAIQ, NIST SP 800-161, ISO 27001, and SOC 2
  • Experience conducting vendor security assessments and reviewing third-party security documentation (audit reports, certifications, penetration test summaries, etc.)
  • Solid understanding of core security principles, cloud environments, data privacy, and compliance standards relevant to B2B SaaS organizations
  • Proven ability to build and operationalize scalable risk management processes and develop metrics for tracking program effectiveness
  • Excellent communication skills, with the ability to translate technical risk findings into clear, actionable language for both technical and non-technical audiences
  • Experience collaborating cross-functionally with Procurement, Legal, Privacy, and Engineering teams
  • Curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity, collaboration, or decision-making

Conditions and benefits

  • This role is based in our Warsaw office with an office-centric hybrid schedule
  • The standard in-office days are Monday, Tuesday, and Thursday
  • Most Asanas have the option to work from home on Wednesdays
  • Working from home on Fridays depends on the type of work you do
  • Our employees in Poland are employed under a contract of employment
  • Generous, transparent and fair compensation system
  • Contract of employment (with the option of 50% tax-deductible costs for author’s rights usage in applicable roles)
  • Health insurance with dental and travel coverage (Lux Med)
  • Meal reimbursement on the days you work from the office
  • Career growth budget
  • Home office setup budget
  • Gym/fitness reimbursement
  • Fertility healthcare and family-forming support with Carrot
  • Mental health support through Modern Health
  • Group life insurance
  • MacBooks with all necessary accessories
  • For this role, the estimated base salary range is 22,750 - 27,250 PLN gross per month (subject to all taxes and necessary deductions)