Previous Job
Previous
Third Party Security Risk Assessor
Ref No.: 17-14253
Location: Menlo Park, California
Seekgin a Third Party Security Risk Assessor to join the Information Security team. This position will be responsible for understanding and executing third party reviews as part of Third Party Risk Security Program.

The Third Party Security Review specialist will be someone that has a passion for evaluating security risk posed by vendor relationships along with internal processes and technologies while empowering culture of rapid innovation and helping demonstrate  dedication to security to the world. This role requires a mix of broad business and technical acumen, evaluating risk, and a polished ability to communicate. This is a contract position.

Responsibilities
Help demonstrate commitment to security to internal and external stakeholders
Complete security reviews of third parties doing business
Understand technical implementation details necessary to identify and assess security risks and recommend mitigating controls
Participate in the development and oversight of required corrective action plans relating to security risk issues specific to security reviews completed
Understand business process and requirements relative to the specific vendor security reviews
Requirements
Experience assessing Information Security risk with strong preference given to individuals who have completed vendor security risk reviews and technical risk assessments;
3+ years of proven experience working on Information Security teams or projects;
Strong program and project management skills required;
Experience with developing security reporting that is meaningful and actionable for a variety of audiences including internal stakeholders and external third parties;
Knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, physical security, etc.;
Understanding of processes for risk evaluation and assessing third parties across diverse industries and against a broad range of security requirements;