Staff Security Assurance Engineer - Third Party Risk Management

Databricks
Full-time
India
Senior Level
Posted 6 months ago
risk management security engineer
Go ad-free with Premium ×
The job listing has expired. Unfortunately, the hiring company is no longer accepting new applications.

To see similar active jobs please follow this link: Remote Consulting jobs

RDQ326R19

The Databricks Security Assurance Team enables Databricks to achieve third party certifications and to manage third-party security risk, in order to help secure Databricks and provide confidence to customers. As a Staff Security Assurance Engineer with a focus on third party risk management, you will be responsible for managing and continually maturing the third-party risk management program at Databricks. You will be an individual contributor reporting to the Senior Director of Security Assurance.

This is a work opportunity within India.

The impact you will have:

  • Own and be responsible for the Security Assurance Team’s third-party risk management program at Databricks. 

  • Evaluate the security program maturity, security controls, and security documentation of Databricks third-parties by performing security assessments and audits.

  • Maintain third-party risk management assessment procedures and related documentation.

  • Maintain the security language used in Databricks vendor contracts.

  • Identify, drive, and manage third-party risk management program maturity improvements.

  • Develop, analyze, and maintain third-party risk management program metrics.

What we look for:

We are looking for a professional with the following skills and practical experience in:

  • Bachelor's degree in Computer Science or related field, or equivalent experience.

  • 10+ years of security experience with at least 4 years of that in third-party risk management including performing security reviews.

  • Experience managing and improving third-party risk management programs.

  • Experience conducting virtual or onsite security audits of vendors.

  • A comprehensive understanding of security controls across all domains.

  • A general understanding of key technical security controls.

  • Familiarity with vendor security questionnaires for third party assessments.

  • Knowledge and understanding of security regulations and standards such as SOC 2, PCI, ISO 27001, etc.

  • Experience working effectively across the spectrum of individual contributors and senior leadership within an organization (for example, Procurement, IT, Security, etc.).

  • Experience working with internal Legal teams regarding security language in vendor contracts.

  • Experience classifying vendors by criticality and security risk is preferred.

  • Experience with Jira is preferred.

  • Security related certifications such as CISSP is preferred.

Go ad-free with Premium ×
About the Job
Full-time
India
Senior Level
Posted 6 months ago
risk management security engineer
Check if your resume is a good fit
25/100
Get Full Report
+ 1,284 new jobs added today
30,000+
Remote Jobs

Don't miss out — new listings every hour

Join Premium

Staff Security Assurance Engineer - Third Party Risk Management

Databricks
The job listing has expired. Unfortunately, the hiring company is no longer accepting new applications.

To see similar active jobs please follow this link: Remote Consulting jobs

RDQ326R19

The Databricks Security Assurance Team enables Databricks to achieve third party certifications and to manage third-party security risk, in order to help secure Databricks and provide confidence to customers. As a Staff Security Assurance Engineer with a focus on third party risk management, you will be responsible for managing and continually maturing the third-party risk management program at Databricks. You will be an individual contributor reporting to the Senior Director of Security Assurance.

This is a work opportunity within India.

The impact you will have:

  • Own and be responsible for the Security Assurance Team’s third-party risk management program at Databricks. 

  • Evaluate the security program maturity, security controls, and security documentation of Databricks third-parties by performing security assessments and audits.

  • Maintain third-party risk management assessment procedures and related documentation.

  • Maintain the security language used in Databricks vendor contracts.

  • Identify, drive, and manage third-party risk management program maturity improvements.

  • Develop, analyze, and maintain third-party risk management program metrics.

What we look for:

We are looking for a professional with the following skills and practical experience in:

  • Bachelor's degree in Computer Science or related field, or equivalent experience.

  • 10+ years of security experience with at least 4 years of that in third-party risk management including performing security reviews.

  • Experience managing and improving third-party risk management programs.

  • Experience conducting virtual or onsite security audits of vendors.

  • A comprehensive understanding of security controls across all domains.

  • A general understanding of key technical security controls.

  • Familiarity with vendor security questionnaires for third party assessments.

  • Knowledge and understanding of security regulations and standards such as SOC 2, PCI, ISO 27001, etc.

  • Experience working effectively across the spectrum of individual contributors and senior leadership within an organization (for example, Procurement, IT, Security, etc.).

  • Experience working with internal Legal teams regarding security language in vendor contracts.

  • Experience classifying vendors by criticality and security risk is preferred.

  • Experience with Jira is preferred.

  • Security related certifications such as CISSP is preferred.