Security Assurance Engineer

We are seeking a Security Assurance Engineer to support our security risk management program with a strong focus on third-party risk assessments and hands-on technical security support. This role is ideal for someone with a solid technical security foundation who is interested in applying that knowledge to risk analysis, vendor assessments, and security decision-making. Reporting to the CISO, the role primarily supports client-facing security assurance activities and provides support for Information Security operations and engineering, while also acting as an escalation point for technical/end user support. KEY RESPONSIBILITIES Third-Party Security Risk Perform third-party and vendor security risk assessments, including security questionnaires, evidence review, and control validation. Review SOC 1 / SOC 2 reports, penetration test summaries, and security documentation. Identify technical control gaps and clearly document risk, impact, and recommended remediation. Support vendor onboarding, renewals, and exception processes. Collaborate with procurement, legal, and business teams to ensure security and privacy requirements are integrated into vendor contracts and the lifecycle process. Client Stakeholder Support Compose thorough and well-articulated responses for client-facing security questionnaires, RFPs, and due diligence requests. Translate technical security controls into clear, accurate responses for non-technical audiences. Collaborate with internal teams to ensure consistent security messaging. Technical Security Operations Support Provide escalated technical support for security operations when risk or architectural analysis is required. Assist in evaluating and tuning security controls across cloud, identity, endpoint, and email security platforms. Participate in incident response activities, including technical investigation, impact analysis, and lessons learned. Cloud, Identity Security Tooling Work hands-on with and assess controls across (but not limited to): Microsoft Azure and Entra ID (Azure AD) Conditional Access, identity protection, and access governance Microsoft Intune and endpoint security controls Microsoft Defender (Endpoint, Cloud, and Cloud Apps) Microsoft Purview (data protection and information governance) Proofpoint (email security) Zscaler (secure web gateway / zero trust access) Brand monitoring and digital risk protection tools Risk Documentation Document risk assessments, findings, and remediation tracking. Contribute to security standards, procedures, and control documentation. Support continuous improvement of third-party risk and cloud security practices.