Information Security Engineer

We are seeking a Security Engineer focused on third-party security risk management to help maintain and scale our client's existing program. You will report to the third-party security manager and will support the overall operation of their third-party risk management program.

The goal is to level up 3rd party security standards, perform assessments, track and report the security posture of their vendors and partners, and leverage technology to help the client make quicker and better security-informed decisions.

You would have a broad technical background across a wide range of security disciplines and solutions and have excellent presentation, writing, communication, and customer interface skills. We are looking for someone who can take third-party security and automate and integrate that into our client's Remote Access strategy.

Responsibilities:

• Support the onboarding and oversight of important supplier and client relationships.
• Help with regulatory, client, internal or other third-party audit/assessment requests.
• Partner with internal stakeholders to help them make intelligent risk decisions in supplier selection and acquisitions.
• Prepare regular reporting on risk exposure for supplier and client audits/assessments.
• Communicate to internal stakeholders regarding third-party events.
• Contribute to team discussions to support a positive security culture and help grow our program.
• Develop or refine assessment and risk management processes.
• Partner with other security teams to automate and speed up the 3rd party risk assessment and 3rd party onboarding process.

Required Qualifications:

• Ability to communicate technical concepts to non-technical audiences.
• Experience in leading, managing information security risk assessments and audits.
• Experience in configuring, maintainng and managing GRC / TPRM solutions .
• Experience collaborating with Legal, Compliance, and Privacy teams to support specific security and regulatory requirements.
• 3+ years of experience in Information Security Risk Management, Security Engineering and/or GRC roles.

Desired Qualifications:

• Experience building security programs and processes.
• Experience in automating the auditing and assessment of information security controls.
• Working knowledge of access control and identity management systems.
• Working knowledge of network security, cloud security, and/or applicaiton security.
• CISSP, CISA, CRISC or similar certifications.
• Development experience with Python, Go or a similar language.

It’s our policy to provide equal employment opportunity for all applicants and employees of Bee Talent Solutions. The Company makes reasonable accommodations for handicapped and disabled employees and does not unlawfully discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, handicap, veteran status, marital status, criminal history, or any other category protected by applicable federal and state law. We consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with applicable federal, state and local law, including, but not limited to, the California Fair Chance Act, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, the San Francisco Fair Chance Ordinance, and the Washington Fair Chance Act.

Per the Los Angeles County Fair Chance Ordinance, the following core duties may create a basis for disqualifying candidates with relevant criminal histories:

• Safeguarding confidential and sensitive data while employed by us and while on assignment at a customer of ours
• Communication with others, including employees and third parties such as vendors, customers (including their employees), and/or players, including minors
• Accessing our or our customer’s assets, secure digital systems, and networks
• Ensuring a safe interactive environment for players, employees, and temporary workers

These duties are directly related to essential operations, safety, trust, and compliance obligations within our organization and within the organization of any customer to whom you may be assigned while employed by us. Please note that job duties may evolve based on business needs and additional responsibilities may be assigned as necessary to maintain operational efficiency and security.