Vendor Security Analyst

Job Location:

Chicago, IL - USA

Monthly Salary: Not Disclosed

Posted on: 9 days ago

Vacancies: 1 Vacancy

Job Summary

About Pinterest:

Millions of people around the world come to our platform to find creative ideas dream about new possibilities and plan for memories that will last a lifetime. At Pinterest were on a mission to bring everyone the inspiration to create a life they love and that starts with the people behind the product.

Discover a career where you ignite innovation for millions transform passion into growth opportunities celebrate each others unique experiences and embrace theflexibility to do your best work. Creating a career you love Its Possible.

At Pinterest AI isnt just a feature its a powerful partner that augments our creativity and amplifies our impact and were looking for candidates who are excited to be a part of that. To get a complete picture of your experience and abilities well explore your foundational skills and how you collaborate with AI.

Through our interview process what matters most is that you can always explain your approach showing us not just what you know but how you think. You can read more about our AI interview philosophy and how we use AI in our recruiting process here.

Pinterests Security team (Pinfosec) is seeking an experienced Vendor Security Analyst to conduct assessments of our vendors and help drive vendor and third-party security initiatives to keep our users employees and infrastructure safe from third-party security risk. You will have the opportunity to support the improvement of our vendor security program and GRC initiatives and provide meaningful impact in minimizing risk for Pinterest. Youre passionate about security innovation and able to vet third-party solutions while minimizing employee friction and maximizing productivity.

What youll do:

Perform vendor security assessments in order to minimize risk from third-party services
Support the Vendor Security lead to Maintain and improve the vendor security program while working closely with Security Legal IT and other internal stakeholders
Ensure vendor security issues are identified communicated and remediated to an acceptable level of risk
Act as the SME for High Priority Vendor Security Reviews (e.g. AI related tooling)
Interface with other teams and take a leadership role in driving vendor security initiatives
Manage the MSSP for Vendor Security when the Vendor Security Lead is unavailable
Act as the Vendor Security SME for the Onspring Risk Register and manage the maintenance and updating of Vendor Security related exceptions
Support Pinterests Security Governance Risk & Compliance program on an ad hoc basis such as; Be responsible for the monthly review and maintenance of security awareness training metrics assist in the update of security policies from time to time assist in the audit evidence gathering for SOC 2 Type 2 compliance as required assist in the completion of security questionnaires from Pinterests advertisers
You will be required to have a thorough understanding of security concepts but you will not need to have coding experience

What we are looking for:

3 years experience performing vendor security risk analysis for new and existing vendors
Experience supporting the design management and building of security programs and best practices
Familiarity with compliance frameworks (e.g. PCI GDPR SOC2 ISO27001 NIST CSF)
Good understanding of various security domains
Strong sense of ownership and comfortable with autonomy and ambiguity
Great communicator who is comfortable leading meetings and audit type interviews with vendors
Bachelors degree in a relevant field such as Computer Science Engineering or other cognitive function or equivalent experience

In-Office Requirement Statement:

We let the type of work you do guide the collaboration style. That means were not always working in an office but we continue to gather for key moments of collaboration and connection.
This role will need to be in the office for in-person collaboration 1-2 times/quarter and therefore can be situated anywhere in the country.

Relocation Statement:

This position is not eligible for relocation assistance. Visit our PinFlex page to learn more about our working model.

#LI-HYBRID

#LI-AH2

Required Experience:

About Pinterest:Millions of people around the world come to our platform to find creative ideas dream about new possibilities and plan for memories that will last a lifetime. At Pinterest were on a mission to bring everyone the inspiration to create a life they love and that starts with the people b...

About Pinterest:

What youll do:

Perform vendor security assessments in order to minimize risk from third-party services
Support the Vendor Security lead to Maintain and improve the vendor security program while working closely with Security Legal IT and other internal stakeholders
Ensure vendor security issues are identified communicated and remediated to an acceptable level of risk
Act as the SME for High Priority Vendor Security Reviews (e.g. AI related tooling)
Interface with other teams and take a leadership role in driving vendor security initiatives
Manage the MSSP for Vendor Security when the Vendor Security Lead is unavailable
Act as the Vendor Security SME for the Onspring Risk Register and manage the maintenance and updating of Vendor Security related exceptions
Support Pinterests Security Governance Risk & Compliance program on an ad hoc basis such as; Be responsible for the monthly review and maintenance of security awareness training metrics assist in the update of security policies from time to time assist in the audit evidence gathering for SOC 2 Type 2 compliance as required assist in the completion of security questionnaires from Pinterests advertisers
You will be required to have a thorough understanding of security concepts but you will not need to have coding experience

What we are looking for:

3 years experience performing vendor security risk analysis for new and existing vendors
Experience supporting the design management and building of security programs and best practices
Familiarity with compliance frameworks (e.g. PCI GDPR SOC2 ISO27001 NIST CSF)
Good understanding of various security domains
Strong sense of ownership and comfortable with autonomy and ambiguity
Great communicator who is comfortable leading meetings and audit type interviews with vendors
Bachelors degree in a relevant field such as Computer Science Engineering or other cognitive function or equivalent experience

In-Office Requirement Statement:

We let the type of work you do guide the collaboration style. That means were not always working in an office but we continue to gather for key moments of collaboration and connection.
This role will need to be in the office for in-person collaboration 1-2 times/quarter and therefore can be situated anywhere in the country.

Relocation Statement: