Security Third Party Risk Management Specialist

TL;DR

Security Third Party Risk Management Specialist: Executing vendor security reviews and maintaining hirify.global’s Third Party Risk Program with an accent on identifying security risks, documenting findings, and recommending risk treatment options. Focus on supporting security certification audits, improving vendor security review processes, and partnering with various internal stakeholders.

Location: Hybrid (Lisbon, Portugal)

Company

hirify.global is a large-scale technology company on a mission to help build a better Internet by providing network, security, and performance services globally.

What you will do

• Execute vendor security reviews by collecting and analyzing vendor security control documentation and audit reports.
• Identify third-party security risks, document findings, and recommend risk treatment options.
• Determine security contract requirements and communicate them to Contracts & Legal teams.
• Maintain hirify.global’s Vendor Master, including the list of Critical vendors.
• Support customer-facing and incident response teams by ensuring vendors are not affected by vulnerabilities or incidents.
• Support hirify.global’s security certification audits by providing evidence of vendor security reviews.
• Partner with stakeholders across Procurement, IT, Contracts, Legal, and Privacy teams for efficient vendor due diligence.
• Lead projects to improve the Vendor Security Review process, workflow, and tooling.

Requirements

• Experience typically gained in 5-8 years working in Security GRC.
• Experience reviewing vendor security documentation including ISO 27001, SOC 2, and PCI DSS audit reports.
• Experience identifying security controls gaps, determining risk ratings, and recommending mitigating controls.
• Familiarity with security contract requirements.
• Strong organizational, analytical, and interpersonal skills.
• Self-starter with the ability to work independently.
• Must be based in Lisbon, Portugal for hybrid work.

Culture & Benefits

• Join a rapidly scaling and world-class security organization within a billion-dollar business.
• Committed to building a diverse and inclusive team.
• Contribute to protecting the free and open Internet through initiatives like Project Galileo, Athenian Project, and 1.1.1.1.
• Provides reasonable accommodations to qualified individuals with disabilities.
• Some travel may be required to engage with teammates and stakeholders in San Francisco, Austin, or other global hirify.global locations.