Senior Third Party Risk & Controls Specialist

Job not on LinkedIn

🔥 0 minutes ago

🗽 New York – Remote

info

💵 $95.6k - $143.4k / year

⏰ Full Time

🟠 Senior

🎲 Risk

🦅 H1B Visa Sponsor

info
Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of HubSpot

HubSpot

1001 - 5000 employees

Founded 2006

🤝 B2B

☁️ SaaS

B2B • SaaS • Marketing

HubSpot is an AI-powered customer platform that combines marketing, sales, and customer service software into one integrated suite. With over 238,000 customers in 135 countries, HubSpot offers tools for marketing automation, sales management, customer service, content marketing, operations, and B2B commerce. With products like Marketing Hub, Sales Hub, Service Hub, and Content Hub, HubSpot enables businesses to generate leads, close deals, and provide excellent customer support, all while using AI to enhance operations and insights. The platform is designed to unify teams and customer data, supporting both small startups and large enterprises in their growth journey.

📋 Description

• Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews • Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions • Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks • Perform security reviews of Model Context Protocol (MCP) servers and implementations • Review vendor security documentation, architecture diagrams, and technical controls • Identify security gaps and provide risk-based recommendations and guardrails to stakeholders • Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements. • Support Shadow IT discovery and risk assessment initiatives using enterprise tooling • Evaluate security risks associated with unsanctioned applications and browser extensions • Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys. • Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base. • Review OAuth grants, SAML configurations, and application integrations for security risks • Support identity governance initiatives and access certification processes • Collaborate and support the enterprise application management team on shared security initiatives

🎯 Requirements

• 5+ years of experience in application security, vendor risk management, cloud security, and/or related field • Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.) • Strong understanding of API security (REST, GraphQL, authentication/authorization) • Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML) • Experience with non-human identity management (service accounts, API tokens, certificates) • Understanding of SaaS architectures, access controls, and integration security • Excellent prioritization, organization, and time management skills to suit a high-volume environment. • Understanding of LLM and generative AI security challenges and the emerging threat landscape. • Strong project management and communication skills to support a highly cross-functional work environment. • Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA) • Background in technical due diligence or managing large-scale supplier security programs (preferred) • Certifications such as CISSP, CCSP, CISM, or CRISC are a plus

🏖️ Benefits

• Health insurance • 401(k) matching • Flexible working hours • Paid time off • Remote work options

Apply Now

Similar Jobs

🔥 1 hour ago

Virtue Health

11 - 50

⚕️ Healthcare Insurance

💳 Fintech

Clinical Risk Consultant at Virtue Health assessing high-cost claims and guiding stop-loss decisions. Collaborating with underwriters and delivering clinical education to optimize financial outcomes.

🔥 10 hours ago

Cirrus Asset Management Inc.

201 - 500

💸 Finance

🏠 Real Estate

🤝 B2B

Risk & Claims Manager at Cirrus Asset Management managing operational risks in multifamily and commercial properties. Oversseeing claims lifecycle and developing scalable risk management processes.

🔥 11 hours ago

First Merchants Corporation

1001 - 5000

🏦 Banking

💸 Finance

2nd Line Technology Risk & Governance Sr Manager at First Merchants Bank providing risk oversight and alignment with technology risk practices. Engaging with teams for compliance and reporting.

🔥 15 hours ago

CenterWell Senior Primary Care

1001 - 5000

⚕️ Healthcare Insurance

Senior Risk Management Professional identifying, analyzing, and mitigating organizational risks. Engaging in complex analyses to influence business strategies and outcomes.

🔥 15 hours ago

CVS Health

10,000+ employees

⚕️ Healthcare Insurance

🛒 Retail

🧘 Wellness

Leads governance and risk management initiatives for healthcare data at CVS Health. Collaborating on compliance and establishing frameworks in sensitive health information areas.