Sr. Staff, Security Research (Risk Management)

Our Engineering team built the world's largest cloud security platform from the ground up, and we keep building. With more than 100 patents and big plans for enhancing services and increasing our global footprint, the team has made us and our multitenant architecture today's cloud security leader, with more than 15 million users in 185 countries. Bring your vision and passion to our team of cloud architects, software engineers, security experts, and more who are enabling organizations worldwide to harness speed and agility with a cloud-first strategy.

We're looking for an experienced Sr Staff, Security Researcher to join our Cyber and Data Security Team.  This is a hybrid work environment, going in to our Escazu office 3 days a week.  Reporting to the VP, Corporate CISO, you will do the following: 

• Risk Assessments: Conduct comprehensive risk assessments of third-party vendors to evaluate their cybersecurity posture, data protection practices, and compliance with relevant regulations. Manage the vendor intake process and review required documentation and evidence.
• Cross-Functional Collaboration: Partner with procurement, legal, compliance, IT, and other functions to ensure appropriate due diligence is performed on vendors and partners before contract signing.
• Security Monitoring: Monitor and assess the security of third parties, support the response and remediation of cybersecurity incidents involving third-party vendors, and ensure vendors are taking necessary steps to reduce their exposure.
• Program Improvements: Evaluate and implement improvements to the Third-Party Risk Management (TPRM) program, including changes to policies, procedures, templates, questionnaires, technical security standards, guidelines, and AI/ML tooling. Analyze regulatory changes that may impact vendor due diligence requirements.
• Reporting and Metrics: Generate security risk rating metrics and reports summarizing risk assessments, issues, and mitigation plans. Identify and report or escalate potential areas of risk or non-responses.

What We're Looking for (Minimum Qualifications)

• Minimum 7+ years' experience in cybersecurity roles such as risk management, vendor risk assessments, incident response, security operations, security engineering, or network security.
• Broad understanding of security best practices and technologies, including application security, secure software development lifecycles, risk management, data protection, encryption & key management, identity and access management, security operations, security governance, and network security.
• Familiarity with cybersecurity standards such as NIST, ISO 27001, SOC2, and GDPR.
• Excellent communication and interpersonal skills for effective collaboration with stakeholders at all levels, including geographically distributed teams, on risk assessment, threat modeling, and vulnerability remediation.

What Will Make You Stand Out (Preferred Qualifications)

• Preferred experience with GRC (Governance, Risk, and Compliance), vendor management, and incident response tools.
• Preferred knowledge of cloud security, third-party services (e.g., SaaS, PaaS), and AI/ML.

#LI-Hybrid

#LI-BH1