Senior Security Analyst

Brooklyn, NY, United States

Applications have closed

Etsy

Find the perfect handmade gift, vintage & on-trend clothes, unique jewelry, and more… lots more.

Company Description

Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee – whether a team member of Etsy, Reverb, Depop, or Elo7 – you’ll tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human.

Job Description

What’s the role?

Etsy Security seeks a Senior Security Analyst to join Etsy’s Information Security Vendor Risk team. The team is responsible for triaging and assessing our suppliers, managing remediations and approvals, developing a review process in collaboration with our compliance, sourcing, and legal teams, creating and delivering risk metrics, handling vendor incident response including investigation and reporting, and working closely with adjacent Security teams to develop and mature Etsy’s security posture.

This is a full-time position reporting to the Engineering Manager of IT Governance, Risk, & Compliance and the base salary range will be 114,000-148,000 USD per year. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy. For this role, we are considering candidates based in the United States who are either remote, flex, or office-based. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more about our flexible work options and vaccination policy here.

What does the day-to-day look like?

  • Serve as the main point of contact for risk management of third-party providers.
  • Work with a cross functional team to deliver a new vendor risk review process that fits into the overall sourcing strategy.
  • Triage, assess, track, and work with vendors to understand and manage risks. 
  • Be responsible for tracking risks and reporting them through Enterprise Risk Management.
  • Contribute to building out and maintaining the InfoSec Risk Register.
  • Handle complex vendor risk assessments, bring skill in remediation and process improvement, and encourage change.
  • Lead the creation and maintenance of our vendor risk management policy.
  • Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or as otherwise applicable with local law.

Qualifications

Qualities that will help you thrive in this role are:

  • Desire and ability to work in a collaborative context across many teams.
  • Ability to think about threat and risk in the context of an organization’s business goals.
  • Background in operational cyber security, security engineering, or information security (4 years of experience).
  • Understanding of foundational cyber security concepts such as:
    • Risk Identification and management
    • Incident Response
  • Experience administering Vendor Management/Third Party Risk Management platforms.
  • You have a strong working knowledge of information risk and/or security management frameworks and/or regulatory and compliance programs such as NIST, ISO, AT101 SOC 2, ITIL, to include development of policies, processes, and procedures within the environment.
  • Experience providing input into third-party contract agreements from an information risk management, security, and privacy perspective.
  • Experience supporting the design and implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements. This includes working to gain process efficiencies and analyzing, updating, and modifying procedures and processes to continuously improve the third-party security program and/or platform.
  • Experience developing and maintaining an ongoing third-party risk monitoring review schedule to ensure periodic reviews are performed as described in policy, standard, and procedure documentation.
  • Cyber security certifications (GCIA, GCIH, CISSP, SSCP, CEH, Security+) are highly desired.
  • Excellent written & verbal communication skills.

Additional Information

What's Next

If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.

Our Promise

At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.

For U.S. roles only:

Many Etsy roles are open to remote candidates, and you'll be able to identify which ones within the location header of each job description. We're open to remote hires from all U.S. states except Hawaii and Alaska. 

Tags: CEH CISSP Compliance GCIA GCIH Governance Incident response ITIL Monitoring NIST Privacy Risk assessment Risk management SOC SOC 2 SSCP Strategy Vendor management

Perks/benefits: Competitive pay Equity Flex hours Salary bonus

Regions: Remote/Anywhere North America
Country: United States
Category: Analyst Jobs
