Senior Security Analyst
Brooklyn, NY, United States
Etsy
Find the perfect handmade gift, vintage & on-trend clothes, unique jewelry, and more… lots more.
Company Description
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee – whether a team member of Etsy, Reverb, Depop, or Elo7 – you’ll tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human.
Job Description
What’s the role?
Etsy Security seeks a Senior Security Analyst to join Etsy’s Information Security Vendor Risk team. The team is responsible for triaging and assessing our suppliers, managing remediations and approvals, developing a review process in collaboration with our compliance, sourcing, and legal teams, the creation and delivery of risk metrics, vendor incident response including investigation and reporting, and working closely with adjacent Security teams to develop and mature Etsy’s security posture.
This is a full-time position reporting to the Engineering Manager of IT Governance, Risk, & Compliance and the base salary range will be 114,000-148,000 USD per year. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy. For this role, we are considering candidates based in the United States who are either remote, flex, or office-based. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more about our flexible work options and vaccination policy here.
What does the day-to-day look like?
- Serve as the main point of contact for risk management of third-party providers.
- Work with a cross-functional team to deliver a new vendor risk review process that fits into the overall sourcing strategy.
- Triage, assess, track, and work with vendors to understand and manage risks.
- Be responsible for tracking risks and reporting them through Enterprise Risk Management.
- Contribute to building out and maintaining the InfoSec Risk Register.
- Handle complex vendor risk assessments, be skilled in remediation and process improvement, and encourage change.
- Lead the creation and maintenance of our vendor risk management policy.
- Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law.
Qualifications
Qualities that will help you thrive in this role are:
- Desire and ability to work in a collaborative context across many teams.
- Ability to think about threat and risk in the context of an organization’s business goals.
- Background in operational cyber security, security engineering, or information security (4 years of experience).
- Understanding of foundational cyber security concepts such as:
  - Risk Identification and management
  - Incident Response
- Experience administering Vendor Management/Third Party Risk Management platforms.
- You have a strong working knowledge of information risk and/or security management frameworks and/or regulatory and compliance programs such as NIST, ISO, AT101 SOC 2, ITIL, to include development of policies, processes, and procedures within the environment.
- Experience providing input into third-party contract agreements from an information risk management, security, and privacy perspective.
- Experience supporting the design and implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements. This includes working to gain process efficiencies and analyzing, updating, and modifying procedures and processes to continuously improve the third-party security program and/or platform.
- Experience developing and maintaining an ongoing third-party risk monitoring review schedule to ensure periodic reviews are performed as described in policy, standard and procedure documentation.
- Cyber security certifications (GCIA, GCIH, CISSP, SSCP, CEH, Security+) are highly desired.
- Excellent written & verbal communication skills.
Additional Information
What's Next
If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.
Our Promise
At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.
For U.S. roles only:
Many Etsy roles are open to remote candidates, and you'll be able to identify which ones within the location header of each job description. We're open to remote hires from all U.S. states except Hawaii and Alaska.
Tags: CEH CISSP Compliance GCIA GCIH Governance Incident response ITIL Monitoring NIST Privacy Risk assessment Risk management SOC SOC 2 SSCP Strategy Vendor management
Perks/benefits: Competitive pay Equity Flex hours Salary bonus