Senior Information Security Engineer

We are seeking a Senior Security Engineer focused on third-party security risk management to help maintain, improve, and elevate our client's existing program.

Reporting to the Third-Party Security Manager, you will support the overall operation and evolution of our third-party risk management program. The goal is to enforce and strengthen third-party security standards, perform assessments, track and report the security posture of our vendors and partners, and leverage technology to enable the client to make quicker and better security-informed decisions.

You should have a broad technical background across a wide range of security disciplines and solutions, coupled with excellent presentation, writing, communication, and customer interface skills. Additionally, we are looking for someone experienced in risk and process automation and tool integration, who can enhance third-party security and seamlessly integrate it into our Remote Access strategy.

Responsibilities

• Support the onboarding and oversight of key supplier and client relationships.
• Assist with regulatory, client, internal, or other third-party audit/assessment requests.
• Partner with internal stakeholders and senior leadership to make informed risk decisions regarding supplier selection and acquisitions.
• Prepare regular and executive-level reporting on risk exposure for supplier and client audits/assessments.
• Develop or refine assessment and risk management processes through system integration and risk automation.
• Collaborate with other security and enterprise teams to optimize the third-party onboarding process.

Required Qualifications

• Ability to communicate technical concepts to non-technical audiences.
• Extensive experience leading and managing the full lifecycle of information security risk assessments and audits.
• Deep knowledge of configuring, maintaining, and managing GRC/TPRM solutions.
• In-depth understanding of information security frameworks and technical controls, with working knowledge of various regional and international compliance and privacy regulations.
• Experience planning, developing, and implementing risk automation and system integrations to optimize third-party risk assessment and onboarding processes.
• Development experience with Python, Go, or similar programming languages.
• 5+ years of experience in Information Security Risk Management, Security Engineering, and/or GRC roles.

Desired Qualifications

• Strong knowledge of access control and identity management systems.
• Expertise in third-party continuous monitoring, supply chain monitoring, and threat intelligence.
• Familiarity with data visualization tools for operational and risk tracking and reporting.
• Working knowledge of one or more security domains, such as Identity & Access Management (I&AM), network security, cloud security, and/or application security.
• Experience developing LLM applications with frameworks such as LangChain, AutoChain, or equivalent.
• Experience developing or managing forensic watermarking tools to protect digital assets and enable traceability of leaks.
• CISSP, CISA, CRISC, or similar certifications.

For this role, you'll find success through craft expertise, a collaborative spirit, and choices that prioritize your fellow colleagues, who are the customers of your work.

It’s our policy to provide equal employment opportunity for all applicants and employees of Bee Talent Solutions. The Company makes reasonable accommodations for handicapped and disabled employees and does not unlawfully discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, handicap, veteran status, marital status, criminal history, or any other category protected by applicable federal and state law. We consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with applicable federal, state and local law, including, but not limited to, the California Fair Chance Act, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, the San Francisco Fair Chance Ordinance, and the Washington Fair Chance Act.

Per the Los Angeles County Fair Chance Ordinance, the following core duties may create a basis for disqualifying candidates with relevant criminal histories:

• Safeguarding confidential and sensitive data while employed by us and while on assignment at a customer of ours
• Communication with others, including employees and third parties such as vendors, customers (including their employees), and/or players, including minors
• Accessing our or our customer’s assets, secure digital systems, and networks
• Ensuring a safe interactive environment for players, employees, and temporary workers

These duties are directly related to essential operations, safety, trust, and compliance obligations within our organization and within the organization of any customer to whom you may be assigned while employed by us. Please note that job duties may evolve based on business needs and additional responsibilities may be assigned as necessary to maintain operational efficiency and security.