Staff Security Assurance Engineer - Third Party Risk Management

RDQ326R19

The Databricks Security Assurance Team enables Databricks to achieve third party certifications and to manage third-party security risk in order to help secure Databricks and provide confidence to customers. As a Staff Security Assurance Engineer with a focus on third party risk management you will be responsible for managing and continually maturing the third-party risk management program at Databricks. You will be an individual contributor reporting to the Senior Director of Security Assurance.

This is a work opportunity within India.

The impact you will have:

• Own and be responsible for the Security Assurance Team’s third-party risk management program at Databricks.

• Evaluate the security program maturity security controls and security documentation of Databricks third-parties by performing security assessments and audits.

• Maintain third-party risk management assessment procedures and related documentation.

• Maintain the security language used in Databricks vendor contracts.

• Identify drive and manage third-party risk management program maturity improvements.

• Develop analyze and maintain third-party risk management program metrics.

What we look for:

We are looking for a professional with the following skills and practical experience in:

• Bachelor's degree in Computer Science or related field or equivalent experience.

• 10+ years of security experience with at least 4 years of that in third-party risk management including performing security reviews.

• Experience managing and improving third-party risk management programs.

• Experience conducting virtual or onsite security audits of vendors.

• A comprehensive understanding of security controls across all domains.

• A general understanding of key technical security controls.

• Familiarity with vendor security questionnaires for third party assessments.

• Knowledge and understanding of security regulations and standards such as SOC 2 PCI ISO 27001 etc.

• Experience working effectively across the spectrum of individual contributors and senior leadership within an organization (for example Procurement IT Security etc.).

• Experience working with internal Legal teams regarding security language in vendor contracts.

• Experience classifying vendors by criticality and security risk is preferred.

• Experience with Jira is preferred.

• Security related certifications such as CISSP is preferred.