Vendor Security Manager

About the role

At Sierra, we're creating a platform to help businesses build better, more human customer experiences with AI. We are primarily an in-person company based in San Francisco, with growing offices in Atlanta, New York, London, Paris, Madrid, Munich, Singapore, Japan, and Sydney. We are guided by a set of values that are at the core of our actions and define our culture: Trust, Customer Obsession, Craftsmanship, Intensity, and Family. These values are the foundation of our work, and we are committed to upholding them in everything we do. Our co-founders are Bret Taylor and Clay Bavor . Bret currently serves as Board Chair of OpenAI. Previously, he was co-CEO of Salesforce (which had acquired the company he founded, Quip) and CTO of Facebook. Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before founding Sierra, Clay spent 18 years at Google, where he most recently led Google Labs. Earlier, he started and led Google's AR/VR effort, Project Starline, and Google Lens. Before that, Clay led the product and design teams for Google Workspace. We're looking for a Vendor Security Manager to join Sierra's Security team. The security of our Conversational AI Platform depends on the security of everything connected to it, the vendors, model providers, infrastructure partners, and supply chain dependencies that enable how Sierra operates and scales. You'll build and scale Sierra's vendor security program from the ground up, conducting deep technical assessments, developing frameworks purpose-built for AI vendor risk, and driving security decisions across all of Sierra's third-party security relationships. This is a hands-on role that requires both technical depth and strong judgment. You'll help Sierra make informed trade-offs between speed, scale, and security in a business that moves fast and operates in regulated industries. We value people who are energized by uncertainty and who can form a credible point of view even with incomplete information and can get more rigorous as the situation sharpens.

Responsibilities

• Program Ownership & Security Risk Management
• Be the interface between Security and Sierra teams on everything vendor security related, drive risk conversations, and keep the program moving.
• Own vendor security risk decisions and escalation paths end-to-end, including clear documentation of risk acceptance rationale, mitigation plans, and trade-offs.
• Build and continuously improve the vendor security program methodology, tooling, risk tiering, monitoring, and response, scaling it intelligently as Sierra's vendor footprint grows.
• Ensure the program meets audit and regulatory expectations across SOC 2, PCI DSS, FedRAMP, ISO 42001, ISO 27001, and emerging AI governance frameworks that hold up under enterprise customer and regulator scrutiny.
• Technical Assessment & Supply Chain
• Conduct deep, evidence-based security assessments across Sierra's vendor landscape SaaS providers, cloud and infrastructure partners, AI and model providers, and strategic suppliers including reviewing architectures, IAM configurations, access scopes, and vulnerability assessments.
• Develop assessment frameworks for AI and model vendors that address risks specific to how these systems actually work including prompt data handling, training data practices, inference infrastructure access, and model supply chain integrity.
• Map and monitor Sierra's full supply chain surface, including fourth parties and subprocessors, with visibility into software dependencies, open source components, and AI model provenance.
• Think in blast radius. Understand what's reachable if they're compromised data flows, network adjacency, privilege scope, lateral movement paths and let that analysis drive technical controls and contractual requirements.
• Automation & Visibility
• Build detection logic and automated alerting that fires when a vendor's security posture degrades lapsed certifications, exposed services, configuration drift, or new vulnerability disclosures so Sierra's resp

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at sierra? Share your experience