Perform vendor security assessments in order to minimize risk from third-party services
Support the Vendor Security lead to Maintain and improve the vendor security program while working closely with Security, Legal, IT and other internal stakeholders
Ensure vendor security issues are identified, communicated, and remediated to an acceptable level of risk
Act as the SME for High Priority Vendor Security Reviews (e.g. AI related tooling)
Interface with other teams and take a leadership role in driving vendor security initiatives
Manage the MSSP for Vendor Security when the Vendor Security Lead is unavailable
Act as the Vendor Security SME for the Onspring Risk Register and manage the maintenance and updating of Vendor Security related exceptions
Support Pinterest’s Security Governance, Risk & Compliance program on an ad hoc basis such as; Be responsible for the monthly review and maintenance of security awareness training metrics, assist in the update of security policies from time to time, assist in the audit evidence gathering for SOC 2 Type 2 compliance as required, assist in the completion of security questionnaires from Pinterest’s advertisers
You will be required to have a thorough understanding of security concepts, but you will not need to have coding experience

3+ years experience performing vendor security risk analysis for new and existing vendors
Experience supporting the design, management, and building of security programs and best practices
Familiarity with compliance frameworks (e.g. PCI, GDPR, SOC2, ISO27001, NIST CSF)
Good understanding of various security domains
Strong sense of ownership and comfortable with autonomy and ambiguity
Great communicator who is comfortable leading meetings and audit type interviews with vendors
Bachelor’s degree in a relevant field such as Computer Science, Engineering, or other cognitive function, or equivalent experience

Vendor Security Analyst

Key skills