Lead Third Party Risk & Controls Specialist

HubSpot
Full-time
USA
$115k-$185k per year
Senior Level
Posted 5 months ago
project management risk management cloud security documentation
Go ad-free with Premium ×
The job listing has expired. Unfortunately, the hiring company is no longer accepting new applications.

To see similar active jobs please follow this link: Remote Consulting jobs

POS-1845

HubSpot is seeking a Third Party Risk & Integration Security Engineer to join our expanding IAM, Third Party Risk Management, and Enterprise Application Management team. This role is based on the idea of “external party security” and combines technical security assessment expertise in vendor risk management, focusing on evaluating third-party applications, emerging AI technologies, and integration security. The ideal candidate will conduct technical assessments of vendor security controls while also supporting broader software management and identity and access management initiatives across the organization.

What you’ll do

Third-Party Risk Assessment (Primary Focus - 60%)

  • Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews

  • Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions

  • Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks

  • Perform security reviews of Model Context Protocol (MCP) servers and implementations

  • Review vendor security documentation, architecture diagrams, and technical controls

  • Identify security gaps and provide risk-based recommendations and guardrails to stakeholders

  • Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements.

IAM & Enterprise Application Management (40%)

  • Support Shadow IT discovery and risk assessment initiatives using enterprise tooling

  • Evaluate security risks associated with unsanctioned applications and browser extensions

  • Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys.

  • Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base.

  • Review OAuth grants, SAML configurations, and application integrations for security risks

  • Support identity governance initiatives and access certification processes

  • Collaborate and support the enterprise application management team on shared security initiatives

What we’re looking for 

  • 5+ years of experience in application security, vendor risk management, cloud security, and/or related field

  • Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.)

  • Strong understanding of API security (REST, GraphQL, authentication/authorization)

  • Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML)

  • Experience with non-human identity management (service accounts, API tokens, certificates)

  • Understanding of SaaS architectures, access controls, and integration security

  • Excellent prioritization, organization, and time management skills to suit a high-volume environment.

  • Understanding of LLM and generative AI security challenges and the emerging threat landscape.

  • Strong project management and communication skills to support a highly cross-functional work environment.

  • Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA)

  • Background in technical due diligence or managing large-scale supplier security programs (preferred)

  • Certifications such as CISSP, CCSP, CISM, or CRISC are a plus

Pay & Benefits

The cash compensation below includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are tailored to your skills, experience, qualifications, and other job-related reasons.

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot’s compensation philosophy.

Benefits are also an important piece of your total compensation package. Explore the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices aren’t just about checking off the box for legal compliance. It’s about living out our value of transparency with our employees, candidates, and community.

Annual Cash Compensation Range:

$115,400—$184,600 USD

Go ad-free with Premium ×
About the Job
Full-time
USA
Senior Level
$115k-$185k per year
Posted 5 months ago
project management risk management cloud security documentation
Check if your resume is a good fit
25/100
Get Full Report
+ 1,284 new jobs added today
30,000+
Remote Jobs

Don't miss out — new listings every hour

Join Premium

Lead Third Party Risk & Controls Specialist

HubSpot
The job listing has expired. Unfortunately, the hiring company is no longer accepting new applications.

To see similar active jobs please follow this link: Remote Consulting jobs

POS-1845

HubSpot is seeking a Third Party Risk & Integration Security Engineer to join our expanding IAM, Third Party Risk Management, and Enterprise Application Management team. This role is based on the idea of “external party security” and combines technical security assessment expertise in vendor risk management, focusing on evaluating third-party applications, emerging AI technologies, and integration security. The ideal candidate will conduct technical assessments of vendor security controls while also supporting broader software management and identity and access management initiatives across the organization.

What you’ll do

Third-Party Risk Assessment (Primary Focus - 60%)

  • Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews

  • Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions

  • Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks

  • Perform security reviews of Model Context Protocol (MCP) servers and implementations

  • Review vendor security documentation, architecture diagrams, and technical controls

  • Identify security gaps and provide risk-based recommendations and guardrails to stakeholders

  • Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements.

IAM & Enterprise Application Management (40%)

  • Support Shadow IT discovery and risk assessment initiatives using enterprise tooling

  • Evaluate security risks associated with unsanctioned applications and browser extensions

  • Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys.

  • Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base.

  • Review OAuth grants, SAML configurations, and application integrations for security risks

  • Support identity governance initiatives and access certification processes

  • Collaborate and support the enterprise application management team on shared security initiatives

What we’re looking for 

  • 5+ years of experience in application security, vendor risk management, cloud security, and/or related field

  • Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.)

  • Strong understanding of API security (REST, GraphQL, authentication/authorization)

  • Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML)

  • Experience with non-human identity management (service accounts, API tokens, certificates)

  • Understanding of SaaS architectures, access controls, and integration security

  • Excellent prioritization, organization, and time management skills to suit a high-volume environment.

  • Understanding of LLM and generative AI security challenges and the emerging threat landscape.

  • Strong project management and communication skills to support a highly cross-functional work environment.

  • Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA)

  • Background in technical due diligence or managing large-scale supplier security programs (preferred)

  • Certifications such as CISSP, CCSP, CISM, or CRISC are a plus

Pay & Benefits

The cash compensation below includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are tailored to your skills, experience, qualifications, and other job-related reasons.

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot’s compensation philosophy.

Benefits are also an important piece of your total compensation package. Explore the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices aren’t just about checking off the box for legal compliance. It’s about living out our value of transparency with our employees, candidates, and community.

Annual Cash Compensation Range:

$115,400—$184,600 USD