Equinix is one of the fastest growing data center companies, growing connectivity between clients worldwide. That’s why we're always looking for creative and forward-thinking people who can help us achieve our goal of global interconnection. With 200 data centers in over 24 countries spanning across 5 continents, we are home to the Cloud, supporting over 1000 Cloud and IT services companies that are directly engaged in technological innovation and development. We are passionate about further evolving the specific areas of software development, software and network architecture, network operations and complex cloud and application solutions.
At Equinix, we make the internet work faster, better, and more reliably. We hire hardworking people who flourish solving hard problems and give them opportunities to hone new skills, try new approaches, and grow in new directions. Our culture is at the heart of our success and it’s our authentic, humble, gritty people who create The Magic of Equinix. We share a real passion for winning and put the customer at the center of everything we do.
Job Summary: We are continuing to build our Third-Party Security Risk Management Team to implement and mature the onboarding and continuous monitoring processes in place to provide a clear and updated view of the risk landscape presented by our outsourced supplier population. The Third-Party Risk Analyst will report to the Information Risk Program Manager and provide value with a critical thinking mindset and the ability to incorporate automated risk assessment workflows to measure and manage loss exposure within the Information Security Organization’s supplier portfolio. This individual will also support the execution of assessment and audit requests from our own customers to satisfy their due diligence efforts.
Lead the implementation and maturation of the third-party security risk management processes supporting new supplier onboarding and continuous monitoring.
Satisfy the security assessment and audit requests from our own customers to support their own due diligence efforts.
Support the Procurement Organization’s supplier onboarding process by performing pre- and post-contract due diligence including inherent risk triage, administration of appropriate security assessments, and issue management and remediation.
Manage a growing portfolio of suppliers requiring continuous monitoring efforts to maintain risk landscape visibility of the organization’s supply chain.
Help develop and enforce the policies governing supplier security risk assessment.
Attend meetings with internal stakeholders as needed to discuss and normalize more formalized third-party risk management processes.
Perform evaluations of vendor security practices including the review of assessment questionnaires and attestations that substantiate vendor responses.
Utilize vendor security intelligence data from providers such as RiskRecon and Bitsight to drive objectivity into vendor security assessment and help quantify third-party risk.
Create related issues associated with assessment artifact reviews and track these issues to remediation with the internal business and third-party points of contact.
Use inherent risk and security assessment review ratings to determine residual risk and define the periodicity of ongoing vendor security assessment.
Use security-related issues as input to the identification of loss event scenarios required to be tracked within the organization’s risk register.
Participate in periodic contract reviews to assure appropriate clauses exist supporting the organization’s right to audit the security practices of its third parties.
Continuously drive the maturation of the third-party and supply chain risk programs supporting the Information Security Organization’s strategic objectives.
3+ years formally executing TPRM workflows.
At least one industry-recognized security and/or third-party risk management certification (CISSP, CRISC, CISA, CISM, OpenFAIR, CTPRP, C3PRMP).
Practical experience implementing and managing formalized third-party risk management workflows at scale.
Experience using industry-recognized Vendor Risk Management platforms to support end-to-end third-party risk management workflows.
Experience using security intelligence data to identify and measure third-party risk (RiskRecon, Recorded Future, Bitsight, Security Scorecard, etc.).
Experience assessing risk with limited data and making recommendations to better inform resource prioritization decision making.
Strong critical thinking and problem-solving skills.
Strong communication, customer service and interpersonal skills.
Ability to manage multiple competing tasks and prioritize effectively.
Ability to work both independently and as part of a cross-functional team.
Preferred: experience using FAIR and RiskLens to quantify information risk as financial loss exposure faced by the organization.
We offer Medical, TeleMedicine, Dental, Vision, Life and AD&D insurance, 401K, Leave of absence & disability benefits, paid time off & holidays and more.
In accordance with Colorado State Law (https://leg.colorado.gov/bills/sb19-085), the salary range for Colorado for this role is $85K-$115K per year with 15% bonus target.
Equinix is an equal opportunity employer. All applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.
Equal Employment Opportunity:
Equinix is an Equal Employment Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.