Vendor Security Analyst

Remote

Full Time USD 60K - 100K *
Robinhood

Robinhood has commission-free investing, and tools to help shape your financial future. Sign up and get your first stock free. Limitations and fees may apply.


Join a leading fintech company that’s democratizing finance for all.

Robinhood was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood is lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.

Just as we focus on our customers, we also strive to create an inclusive environment where our employees can thrive and do impactful work. We are proud of the competitive products and company culture we’ve built and have been recognized as:

  • Forbes Fintech 50 2021
  • Glassdoor Best Places to Work 2021 
  • Inc. Best-Led Companies 2021
  • TIME 100 Most Influential Company 2021

We’re growing and looking for...

We continue to hire Robinhoodies at a rapid pace to drive this journey, and with that growth comes necessary change. We’re seeking culture builders and curious thinkers looking to co-author the next chapters of our story. We’re in build mode, majorly expanding our team while also growing up as a company. Joining now means helping shape our structures and systems, then taking part as we launch into our ambitious future.

Check out life at Robinhood on The Muse!

About the team:

Robinhood is looking for an experienced analyst to join the Vendor Security program. This program is part of the Security, Risk and Compliance (SRC) program under Security. You will conduct third-party assessments to identify security risks and help the business make informed risk-based decisions. You will coordinate the assessments with partners across Robinhood, ensure each assessment is as streamlined as possible, and minimize the amount of duplication across functions. When necessary, you will identify vital deep dives and develop a custom plan for performing those deep dives to ensure the output of the assessment matches expectations. The ideal candidate will thrive on working cross-functionally, building trust and great working relationships across a number of functions.

What you’ll do day-to-day:

  • Perform security assessments of vendors and third parties to identify and reduce risk across the organization, including assigning questions and analyzing the answers
  • Create, track and report back on action items from assessments
  • Work with Commercial Legal team on contract reviews
  • Review questionnaires and supporting security artifacts, including security audit reports (e.g., SOC 2 Type 2, ISO 27001), penetration tests, and vendor security policies
  • Document assessment results and report findings for remediation tracking
  • Communicate security recommendations to the business requester
  • Provide appropriate risk-mitigating steps as approval conditions if necessary
  • Find opportunities for improving the program and review process

About you:

  • Experience assessing third-party security risk and performing security assessments
  • Knowledge of information security concepts and theory, and the application of such through technical and non-technical methods
  • Understanding of a wide variety of IT risk domains related to confidentiality, integrity, and availability
  • Ability to interface, influence and communicate (written and verbally) with all levels of management, stakeholders and internal customers
  • Strong analytical, collaboration, organizational, time management, and project management skills
  • Ability to understand and run the implications and impacts of technical issues and processes in the context of information security and risk management
  • Strong initiative and ability to manage priorities and work successfully with minimal direction
  • Must manage multiple tasks while maintaining attention to detail

Bonus points:

  • Certified Risk and Information Systems Control (CRISC), Certification in Risk Management Assurance (CRMA), or Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP)

We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.

Robinhood promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review Robinhood's Privacy Policy please visit Robinhood - US Applicant Privacy Policy.

Robinhood's benefits include generous time off, 401(k) participation with employer match, comprehensive health coverage, a health savings account (HSA), wellness benefits, backup childcare and education stipends (all benefits are subject to applicable taxes and based on eligibility).

Robinhood is a primarily remote company. If hired, you will work as a remote employee unless the job you are applying for has a different working model specified. Please reach out to your recruiter if you have any questions regarding the job’s working model.

* Salary range is an estimate based on our salary survey at salaries.infosec-jobs.com
Job region: Remote/Anywhere