Overview
Third-Party Security Risk Analyst Jobs in Sunnyvale, California, USA at Fortinet
Title: Third-Party Security Risk Analyst
Company: Fortinet
Location: Sunnyvale, California, USA
Type: Full Time
Category: IT/Tech, Security
Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Third-Party Security Risk Analyst to contribute to the success of our rapidly growing business.
You would act as a Third-Party Security Risk Analyst for our dynamic team. The ideal candidate will play a critical role in assessing and managing information security risks associated with third-party vendors and partners. The candidate should have expertise in conducting risk assessments and managing third-party risks, and should help maintain the integrity and confidentiality of Fortinet data.
As a Third-Party Security Analyst, your responsibilities will include:
Third-Party Risk Assessments:
Conduct thorough risk assessments of third-party vendors, contractors, and business partners to evaluate their security posture.
Security Control Evaluation:
Ensure that third-party vendors meet internal security and compliance standards by evaluating their security controls (e.g., encryption, access controls, data privacy) and collaborate with stakeholders to assess the implementation and effectiveness of third-party security controls.
Vendor Due Diligence:
Lead the due diligence process for new third-party vendors, ensuring that they meet organizational requirements and review vendor contracts to ensure inclusion of appropriate security clauses (e.g., data protection, breach notification, audit rights).
Ongoing Monitoring:
Continuously monitor the security posture of third-party relationships and assess any emerging risks or incidents. Review and monitor vendor performance through ongoing security audits, questionnaires, and periodic reviews.
Incident Management & Response:
Work with the incident response team to assess and mitigate security incidents related to third-party relationships.
Collaboration & Communication:
Act as a liaison between third-party vendors and internal stakeholders (e.g., legal, procurement, compliance, IT) and provide guidance to business units and senior leadership regarding third-party risk management and security requirements.
Reporting & Documentation:
Maintain detailed documentation of third-party assessments, risk findings, and mitigation strategies and regularly report to senior management and stakeholders on third-party security risks and compliance status.
We are looking for:
Bachelor’s degree in Information Security, Computer Science, or a related field.
5+ years of experience in IT security, compliance, or risk management.
Strong understanding of IT security technologies, including encryption, firewalls, identity and access management, and vulnerability management.
Proficient in using risk assessment tools and frameworks.
Ability to evaluate third-party vendor security and compliance documentation (e.g., SOC 2 reports, PCI DSS compliance).
Excellent communication skills, both written and verbal, with the ability to explain complex security issues to non-technical stakeholders.
Strong analytical, problem-solving, and critical thinking skills.
Experience working with cloud services and SaaS providers in a ris…