Senior Third Party Risk & Controls Specialist

1 hour, 11 minutes ago
Full-time
Senior
Cybersecurity
HubSpot

HubSpot

HubSpot provides a comprehensive cloud-based CRM platform that integrates marketing, sales, service, and operations tools to help businesses attract, engage, and delight customers effectively.

Media
5K-10K
Founded 2006

Description

  • Conduct technical security assessments of third-party applications, vendors, and service providers beyond questionnaire-based reviews.
  • Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions.
  • Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks.
  • Perform security reviews of Model Context Protocol (MCP) servers and implementations.
  • Review vendor security documentation, architecture diagrams, and technical controls.
  • Identify security gaps and provide risk-based recommendations and guardrails to stakeholders.
  • Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements.
  • Support Shadow IT discovery and risk assessments using enterprise tooling.
  • Evaluate risks associated with unsanctioned applications, browser extensions, and non-human identities such as service accounts and API keys.
  • Review OAuth grants, SAML configurations, and application integrations for security risks.
  • Support identity governance initiatives, access certification processes, and broader enterprise application security efforts.

Requirements

  • 5+ years of experience in application security, vendor risk management, cloud security, or a related field.
  • Experience with security frameworks such as NIST CSF, ISO 27001, and SOC 2.
  • Strong understanding of API security, including REST, GraphQL, authentication, and authorization.
  • Strong understanding of IAM principles such as RBAC, ABAC, and least privilege, plus modern authentication protocols like OAuth 2.0 and SAML.
  • Experience with non-human identity management, including service accounts, API tokens, and certificates.
  • Understanding of SaaS architectures, access controls, and integration security.
  • Understanding of LLM and generative AI security challenges and the emerging threat landscape.
  • Working knowledge of privacy and compliance standards such as GDPR, CCPA, and HIPAA.
  • Excellent prioritization, organization, time management, project management, and communication skills in a high-volume cross-functional environment.
  • Background in technical due diligence or managing large-scale supplier security programs is preferred.
  • Certifications such as CISSP, CCSP, CISM, or CRISC are a plus.
  • Remote candidates must be based in the Eastern Time Zone (ET).

Benefits

  • Annual cash compensation range of $95,600 to $143,400 USD.
  • Cash compensation may include base salary, on-target commission for eligible roles, and annual bonus targets.
  • Some roles are eligible for equity through restricted stock units (RSUs).
  • Some roles may also be eligible for overtime pay.
  • Benefits and perks are included as part of the total compensation package.
  • Remote work with flexibility, while still supporting in-person onboarding and team connection when required.
  • Accommodation support is available for candidates and employees with disabilities or travel limitations.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

COMSEC Responsible Officer

SpaceX 10K-50K Aerospace & Defense

SpaceX is hiring a COMSEC Responsible Officer to oversee communications security operations that support the security of its launch vehicles, satellites, and ground systems while maintaining compliance with national security requirements.

1 hour, 26 minutes ago

COMSEC Account Manager

SpaceX 10K-50K Aerospace & Defense

SpaceX is seeking a COMSEC Account Manager to manage cryptographic account operations and support the security of its launch vehicles, satellites, and ground systems while meeting national security requirements.

1 hour, 26 minutes ago

Threat Response Engineer (TRE) - Early Shift (6am-2pm MT)

Zscaler 1K-5K Internet Software & Services

Zscaler is hiring a remote Threat Response Engineer to investigate and respond to confirmed customer endpoint compromises in its Active Remediation MDR service.

CrowdStrike macOS
1 hour, 26 minutes ago

Processing Technician I

Precision For Medicine 1K-5K Pharmaceuticals

Precision Medicine Group is hiring a Processing Technician I to receive, inventory, and process biological samples for cryopreserved cell products and related laboratory testing support.

1 hour, 26 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers