The easy-to-use CRM to scale your business.
Senior Third Party Risk & Controls Specialist
Location
EST (UTC-5)
Posted
3 days ago
Salary
$95.6K - $143.4K / year
Seniority
Senior
No structured requirement data.
Job Description
Senior Third Party Risk & Controls Specialist
HubSpot
Role Description HubSpot is seeking a Senior Third Party Risk & Integration Security Engineer to join our expanding IAM, Third Party Risk Management, and Enterprise Application Management team. This role is based on the idea of “external party security” and combines technical security assessment expertise in vendor risk management, focusing on evaluating third-party applications, emerging AI technologies, and integration security. The ideal candidate will conduct technical assessments of vendor security controls while also supporting broader software management and identity and access management initiatives across the organization. This role is remote; candidates must be based in the Eastern Time Zone (ET). What you’ll do - Third-Party Risk Assessment (Primary Focus - 60%) - Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews. - Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions. - Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks. - Perform security reviews of Model Context Protocol (MCP) servers and implementations. - Review vendor security documentation, architecture diagrams, and technical controls. - Identify security gaps and provide risk-based recommendations and guardrails to stakeholders. - Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements. - IAM & Enterprise Application Management (40%) - Support Shadow IT discovery and risk assessment initiatives using enterprise tooling. - Evaluate security risks associated with unsanctioned applications and browser extensions. - Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys. - Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base. - Review OAuth grants, SAML configurations, and application integrations for security risks. - Support identity governance initiatives and access certification processes. - Collaborate and support the enterprise application management team on shared security initiatives. Qualifications - 5+ years of experience in application security, vendor risk management, cloud security, and/or related field. - Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.). - Strong understanding of API security (REST, GraphQL, authentication/authorization). - Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML). - Experience with non-human identity management (service accounts, API tokens, certificates). - Understanding of SaaS architectures, access controls, and integration security. - Excellent prioritization, organization, and time management skills to suit a high-volume environment. - Understanding of LLM and generative AI security challenges and the emerging threat landscape. - Strong project management and communication skills to support a highly cross-functional work environment. - Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA). - Background in technical due diligence or managing large-scale supplier security programs (preferred). - Certifications such as CISSP, CCSP, CISM, or CRISC are a plus. Benefits - Annual Cash Compensation Range: $95,600 — $143,400 USD. - Base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. - Participation in HubSpot’s equity plan to receive restricted stock units (RSUs) for some roles. - Potential eligibility for overtime pay. - Tailored individual compensation packages based on skills, experience, qualifications, and other job-related reasons.
Related Guides
Related Categories
Related Job Pages
More Risk Jobs
Medical Risk Consultant, RN
Virtue HealthMeet Virtue Health Alliance, a private group stop loss purchasing consortium that allows employers to share risk.
• Review stop-loss claim notices and claimant medical records to identify high-cost trajectories before excess loss is incurred • Produce written clinical assessments that translate prognosis and treatment trajectory into actionable underwriting guidance • Advocate directly with stop-loss carrier partners for laser reduction or removal at renewal • Deliver clinical education to internal staff, TPA partners, and the adviser network on high-cost diagnoses
Role Description - Responsible for the daily overall monitoring of transaction risk control strategies, maintaining data dashboards, and conducting routine strategy operations to ensure the smooth and stable operation of the risk control system. - Assist risk control analysts in processing and extracting massive amounts of business data; perform data mining and deep analysis to accurately identify abnormal transaction behaviors and potential risk features. - Assist in tracking and evaluating the interception effectiveness and false positive rates (FP rates) of existing risk control strategies, providing data support for strategy iteration and optimization. - Assist in organizing daily risk control data and participate in drafting business risk analysis reports, as well as weekly and monthly updates. Qualifications - Current undergraduate or postgraduate students. Majors in STEM fields such as Statistics, Mathematics, Computer Science, Financial Engineering, or Big Data are preferred. - Possess solid data analysis capabilities; proficient in SQL to efficiently extract required data from databases; skilled in using Excel for data processing. - Highly sensitive to data, with excellent logical thinking and problem-solving/deconstructing skills; rigorous, detail-oriented, and possesses a strong sense of responsibility. - Strong communication and expression skills, a good team player, and able to integrate into the team quickly. Benefits - Study Growth Fund: We support your professional development and continuous learning. - Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation. - Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world. - Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company. - Internal Mobility: Grow with us - Your long-term development is important to us. We offer internal job opportunities to help build your career path.
Role Description The role seeks a skilled researcher with a background in security or risk control. You will be responsible for: - Analyzing blockchain data to identify and flag abnormal cases. - Tracing and leading forensic investigations into real-world crypto theft, scams, and market manipulation. - Studying vulnerabilities and security issues related to blockchain protocols and smart contracts. - Writing high-quality industry or academic research reports and papers. - Collaborating with development teams to improve blockchain data collection and threat identification. - Partnering with internal and external stakeholders to handle accident/incident responses. Qualifications - Bachelor’s, Master’s, or Ph.D. in Blockchain Security, Computer Science, Data Science, or a related field. - A strong track record of publications in top-level industry or academic conferences is highly valued. - Proficiency in languages used for blockchain analytics (e.g., SQL, Python, JavaScript). - Hands-on experience with blockchain monitoring/forensic tools and analytics platforms. - Deep understanding of blockchain protocols, smart contracts, consensus mechanisms, and cryptography. - Effective communication and strong collaboration abilities. Benefits - Study Growth Fund: We support your professional development and continuous learning. - Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation. - Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world. - Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company. - Internal Mobility: Grow with us - Your long-term development is important to us. We offer internal job opportunities to help build your career path.
• Conduct risk control inspections and building valuations as assigned. • Prepare written inspection, risk management, and valuation reports in line with company guidelines, procedures, and established timelines. • Develop and recommend strategies to control and reduce identified risks. • Consult with customers on child protection protocols and compliance audit requirements. • Communicate and liaise effectively with internal and external stakeholders. • Provide technical support, including training for internal teams and external customers.


