Develop third-party security review program and collaborate with stakeholders to implement program improvements. Work with the Legal Operations and Vendor Management stakeholders to support continuous improvement of the entire vendor lifecycle. Work closely with the business to identify, assess, and document third party relationships, including the regular review of vendors and critical outsourcing arrangements. Collaborate to devise an integrated strategy and deliverables for the company’s third-party risk roadmap. Own the implementation of robust third-party controls and monitor arrangements on an ongoing basis. Develop and maintain internal security policies, procedures, guidelines, and best practices and communicate those to stakeholders. Work across all brands to address the latest challenges and ensure systems and users are secure. Coordinate controls testing and compliance obligations for a decentralized environment to support corporate security. Assess security risk for large scale organizations, including assessing and designing internal controls utilizing experience in cloud services
organizations. Perform recurring internal security audits to improve the company’s overall security posture. Identify and assess Information Technology (IT) risks and recommend mitigating controls utilizing security knowledge across common industry security standards and experience with data security frameworks and regulatory standards. Participate in the development and oversight of required corrective action plans relating to security and compliance issues. Domestic travel required up to 10% of the time. Position allows telecommuting from anywhere in the U.S. Salary: $144,789 - $147,000 per year.
Minimum Requirements: Bachelor’s degree or U.S. equivalent in Computer Science, Network and Computer Security, Information Technology, or a related field plus 5 years of professional experience as Security Engineer, Security Compliance Analyst, or any occupation/position/job title involving IT security risk and compliance. In lieu of a Bachelor’s degree plus 5 years of experience, the employer will accept a Master’s degree or U.S. equivalent in Computer Science, Network and Computer Security, Information Technology, or a related field plus 3 years of professional experience as Security Engineer, Security Compliance Analyst, or any occupation/position/job title involving IT security risk and compliance. Must also have experience in the following: 2 years of professional experience developing IT security risk and compliance guidelines and policies to support compliance programs in the technology industry; 2 years of professional experience working with third-party industry frameworks (including VASQ, SIG, or CSA); 2 years of professional experience utilizing security frameworks (including SOC 2, PCI-DSS, or ISO27001); 2 years of professional experience with regulations governing outsourcing in technology data services, including personal information and privacy requirements; 2 years of professional experience performing operational and technology risk management.
Please send resume to: Lauren.Lozano@Match.com. Please specify ad code MTLL.
#LI-DNI