eTeam
Vendor security Engineer/ Analyst
eTeam, San Jose, California, United States, 95199
Role: Vendor security Engineer/ Analyst
Location: San Jose, CA
Duration: 6 Months
At least 5 years in security, especially in vendor security review and assessments. A great understanding of emerging technologies. Scripting or development experience to enable team automations. Security-related certifications; CISSP desired.
The ideal candidate should have over 5 years of security experience, preferably in the third-party security field. This role will be working directly with business and technology partners, vendors, and legal to assess vendor security issues and risks, prioritize risk mitigation activities and guide the business to make risk-based decisions. We are looking for someone with outstanding security, communication, negotiation and interpersonal skills. The candidate should have good experience with Information security and Risk management practices and principles as well as some automation and technical experience.
Demonstrable understanding of cybersecurity risk assessment and risk management methodologies. Key qualification includes deep understanding of security and technical domains to best inform the program and assessment execution.
Work directly with business and technology partners, vendors, and legal to assess vendor security issues and risks, prioritize risk mitigation activities and guide the business to make risk-based decisions.
Evaluate information security program maturity, security controls, and security documentation for Client's strategic vendors.
Review threat models for third-party integrations and provide guidance.
Review and assess Client vendors' security posture before onboarding them to Client.
Communicate security risks to the business and build risk mitigation plans.
Support legal team with negotiation around Information security contract requirements.
Collaborate with cross-functional departments within Security, Procurement, Legal on process improvements and workflow integrations to provide improved customer experience.
Communicate and present key vendor security initiatives, practices and issues to business units.
Collaborate to develop executive reporting.
Provide metrics to report on vendor security program maturity.
Benchmark the program against the third-party risk assessment programs from similar companies and propose improvements.
Develop continuous vendor monitoring capability by implementing BitSight or similar technology.
Create dashboards for executive reporting on BI tools (PowerBI preferred), JIRA.
Develop automation for enhancing the program, as needed.