Information Security Analyst, Vendor Security 21

Job Description

Company: Software Technology

Location: US

Information Security, Analyst Risk & Compliance

Vendor Security Reviews

Contract

Sr. Program Manager of Risk & Compliance

Sephora Field Support Center (FSC) San Francisco or Remote

POSITION SUMMARY:

We are creating an innovative, highly-skilled, results-oriented technology team with a deep commitment to building and implementing a comprehensive Risk Management Framework. As a Risk and Compliance Analyst, you must have a passion for managing corporate security along with a desire to relentlessly champion best practices. Reporting to the Sr. Program Manager Security Risk and Compliance, you will be responsible for performing functions required to support day-to-day risk management, compliance, and security operations. You will focus on standardization, suitability, and integration of the existing security portfolio incorporating new and more dynamic solutions to make our environment more secure and user-friendly.

POSITION RESPONSIBILITIES:
• Vendor Security reviews Primary Responsibility
• Perform vendor security reviews, learn Sephora Vendor Review Methodology and perform vendor and project security reviews.
• Lead security reviews from a technical perspective.
• Partner with Business and Legal teams to review vendor contracts and add necessary security clauses to contracts.
• If needed, support other areas of Risk, Security and Compliance Practice, for example:
• Perform Security Incident Investigations
• Support Annual Table Top Exercises
• Support Security Awareness Initiatives
• Support PCI compliance efforts
• Support various audit efforts
• Lead/Support security vulnerabilities remediation initiatives
• Ongoing implementation of security standards and best practices for the organization, formalizing and socializing processes.
• Work with Information Technology staff and cross functional stakeholders to help assess risk and address security issues.
• Demonstrate our Sephora values of Passion for Client Service, Innovation, Expertise, Balance, Respect for All, Teamwork, and Initiative.

DESIRED QUALIFICATIONS:
• Required Qualifications
• 4+ years hand on vendor security review experience is Required.
• 6-8 years of experience in Security, InfoSec Risk Management, or Security Compliance role.
• Technical knowledge in information security controls is required. Must have working knowledge of information security principles and best practices in general, specifically relating to at least one of the following: security incident response, project security review, vendor security review, security awareness, and compliance.
• Must be able to collaborate effectively within InfoSec Team and build effective partnerships across the organization with business stakeholders.
• A must is an ability to take direction, learn quickly, take the initiative, work independently, be a self-starter.
• Must have strong communication and problem-solving skills.
• Must have strong skills to organize and keep track of information/documentation; Attention to detail is an absolute must.
• Bachelor’s degree in Business, Computer systems / or equivalent experience.
• Strongly Preferred
• Have a working understanding of PCI compliance requirements.
• Experience managing/supporting internal/external audits, security awareness, table top exercises, security incidents.
• Understanding of common InfoSec Framework (CIS20 or NIST Risk)
• Experience completing Soc2
• Contract review experience is plus

Required Skills: Experience performing vendor security reviews. Basic Qualification: 4+ years hand on vendor security review experience is required – 6-8 years of experience in Security, InfoSec Risk Management, or Security Compliance role. Additional Skills: 4+ years hand on vendor security review experience is required – 6-8 years of experience in Security, InfoSec Risk Management, or Security Compliance role.

Source: Jobilize