Security Engineer - WOARior

Key Responsibilities :

Must Have :

Audit and Compliance

Security Engineering

Third Party Risk Management

Nice to Have : automation

Programming

JOB DESCRIPTION

We are looking for a Security Engineer focused on third party security risk management to help maintain and scale our existing program. You will report to the third party security manager and will support the overall operation of our third party risk management program. The goal is to level up 3rd party security standards, perform assessments, track and report the security posture of our vendors and partners, and leverage technology to help Riot make quicker and better security informed decisions.

You would have a broad technical background across a wide range of security disciplines and solutions and have excellent presentation, writing, communication, and customer interface skills. We are looking for someone who can take third party security and automate and integrate that into our Remote Access strategy.

Responsibilities :

Support the onboarding and oversight of important supplier and client relationships

Help with regulatory, client, internal or other third-party audit / assessment requests

Partner with internal stakeholders to help them make intelligent risk decisions in supplier selection and acquisitions

Prepare regular reporting on risk exposure for supplier and client audits / assessments

Communicate to internal stakeholders regarding third-party events

Contribute to team discussions to support a positive security culture and help grow our program

Develop or refine assessment and risk management processes

Partner with other security teams to automate and speed up the 3rd party risk assessment and 3rd party onboarding process

Required Qualifications :

Ability to communicate technical concepts to non-technical audiences

Experience in leading, managing information security risk assessments and audits

Experience in configuring, maintaining and managing GRC / TPRM solutions

Experience collaborating with Legal, Compliance, and Privacy teams to support specific security and regulatory requirements

3 years of experience in Information Security Risk Management, Security Engineering and / or GRC roles

Desired Qualifications :

Experience building security programs and processes

Experience in automating the auditing and assessment of information security controls

Working knowledge of access control and identity management systems

Working knowledge of network security, cloud security, and / or application security

CISSP, CISA, CRISC or similar certifications

Development experience with Python, Go or a similar language

About AgreeYa :

AgreeYa Solutions is a leading global provider of software, solutions and services to small, medium and global Fortune 100 organizations. Founded in 1999 and headquartered in Folsom, Calif., AgreeYa has over 2,500 professionals helping clients across U.S, India, Mexico, and Singapore. Leveraging a technology-enabled, consultative approach and diverse talent, AgreeYa offers modern workplace, smart analytics, intelligent automation, AI / ML, cloud transformation, mobility and talent management solutions to deliver digital transformation to its clients. AgreeYa has received considerable recognition including certifications like Microsoft Solutions Partner and Cloud Solutions Provider, AICPA SOC 2 Type 2, SEI CMMI and ISO 9001 : 2015; and awards including 'Dream Company to Work For' and 'Best Employer Brand'.