Security Assurance Analyst, Third Party Risk

Mexico Anywhere

Applications have closed

Lyft

Rideshare with Lyft. Lyft is your friend with a car, whenever you need one. Download the app and get a ride from a friendly driver within minutes.


At Lyft, our mission is to improve people’s lives with the world’s best transportation. To do this, we start with our own community by creating an open, inclusive, and diverse organization.

Lyft’s engineering team is growing rapidly, and we are looking for a Security Assurance Analyst to help us scale our third party risk program. Our drivers and passengers entrust Lyft with their personal information and travel details to get where they are going and expect us to keep that data safe. We in turn expect the same from our third party partners with which we may share customer and business data.

Lyft’s Third Party Risk team manages information security and privacy risk across our portfolio of vendors, suppliers, service providers, and business partners. We conduct third party assessments, which include due diligence on a vendor's security program, understanding its privacy practices, and advising the business on managing any identified risks.

As a member of the Third Party Risk team, you will conduct risk assessments, review documentation and responses from vendors, and work with internal stakeholders such as legal, procurement, engineering, and business teams to approve new vendors. You will collaborate with other IT and security teams to onboard vendors and advise on any security and privacy risks during implementation. You will also improve the overall maturity of the third party risk program by contributing to policy development, improving process design and tooling, and drafting technical runbooks. You’ll meet and work with stakeholders across the company on new projects, work with engineering teams to automate continuous monitoring of third parties, and serve as a trusted advisor to teams across Lyft on issues related to third party risk.

Responsibilities:
  • Partner with procurement to facilitate the review of third party risk for all new vendors and contract renewals.
  • Independently conduct security risk assessments through SIG Lite questionnaires or review of third party security compliance documentation such as SOC 2 reports.
  • Negotiate acceptance of remediation plans and timelines with vendors based on the level of risk associated with a finding.
  • Build strong cross-functional relationships with product and engineering teams.
  • Communicate risk to both technical and non-technical stakeholders across the business and negotiate risk mitigation strategies.
  • Develop and maintain internal policies, guidelines, and best practices for Lyft.
  • Develop, implement, and manage tools to improve the capabilities of the third party risk process.
  • Gather and organize assessment data and results to support risk reporting and monitoring processes.
  • Assist with compliance audits such as SOC 2, HIPAA, NIST 800-171, and NIST CSF as they relate to the third party risk program.
Experience:

Security superstars come from many backgrounds. We encourage you to apply even if you do not match this list perfectly.

  • 5+ years of experience in security governance, risk, and compliance.
  • Knowledge of regulatory compliance and related assessments/certifications, including SOC 2, ISO 27001, NIST CSF, NIST 800-171, and HIPAA.
  • Strong technical background and ability to negotiate effectively with engineering teams.
  • Strong cross-functional communication and leadership skills, with the ability to initiate and drive projects proactively.
  • Strong teamwork and collaboration skills.
  • Strong written and verbal communication skills in English.
  • Ability to own and manage high-priority projects and multiple tasks.


Tags: Audits Compliance Governance HIPAA ISO 27001 Monitoring NIST Privacy SOC 2

Perks/benefits: Career development

Regions: Remote/Anywhere North America
Countries: Mexico United States