Role – Senior Security Engineer with Vendor Security BitSight & Risk Management
Location –San Jose, CA
| Role name: | Senior Security Engineer |
|---|---|
| Role Description: | Vendor Security Assessment & Risk Management: Evaluate security posture, assess risks, and prioritize mitigation strategies for third-party vendors.Collaboration & Stakeholder Engagement: Work closely with business, technology, vendors, and legal teams to ensure security compliance and risk-based decision-making.Security Program Evaluation & Improvement: Benchmark vendor security programs against industry standards and recommend enhancements.Automation & Reporting: Develop dashboards (Power BI preferred), automate processes, and track vendor security metrics for executive reporting.Contract & Compliance Support: Assist legal teams in negotiating security requirements and ensuring vendor compliance with security frameworks |
| Competencies: | Digital : Microsoft Power BI, Cyber Security – GRC – Vendor Risk Assessment |
| Essential Skills: | Cybersecurity & Risk Management: 5+ years of experience in security, preferably in third-party security, with expertise in risk assessment and mitigation.Security & Technical Expertise: Strong understanding of security controls, threat modeling, vendor security posture assessment, and risk-based decision-making.Stakeholder Management: Experience working with business teams, technology partners, vendors, and legal to assess security risks and negotiate contract requirements.Communication & Negotiation: Excellent interpersonal skills to convey security risks, collaborate on mitigation plans, and present initiatives to business units.Process Improvement & Benchmarking: Ability to evaluate and enhance vendor security programs by comparing with industry best practices.Automation & Reporting: Experience developing automation solutions, creating dashboards (Power BI preferred), and using JIRA for workflow tracking.Continuous Vendor Monitoring: Familiarity with BitSight or similar technologies for ongoing vendor security evaluation. |
| Desirable Skills: | Cloud Security Knowledge: Understanding of security risks related to cloud vendors and SaaS applications.Regulatory & Compliance Awareness: Familiarity with frameworks like ISO 27001, SOC 2, NIST, or GDPR for vendor security assessments.Scripting & Automation: Experience with scripting languages (Python, PowerShell, etc.) to automate security processes.Incident Response & Forensics: Ability to assess and respond to vendor-related security incidents.Third-Party Risk Management Tools: Experience with tools like Archer, OneTrust, or SecurityScorecard for vendor risk assessments |
|
|
Mohd Adil | Executive – Talent Acquisition M: +1 469-552-7783 | E: mohd.a@twsol.com
INDIA | NORTH AMERICA | MIDDLE EAST |
Teamware Solutions does not encourage acceptance of any fees, payments, gifts, or other benefits in cash or in kind from any potential candidates seeking employment with the organization.Knowledge of such instances should be immediately communicated to [email protected]