Vendor Security Analyst

Pinterest•Chicago, IL

9d•Hybrid

About The Position

Millions of people around the world come to our platform to find creative ideas, dream about new possibilities and plan for memories that will last a lifetime. At Pinterest, we’re on a mission to bring everyone the inspiration to create a life they love, and that starts with the people behind the product. Discover a career where you ignite innovation for millions, transform passion into growth opportunities, celebrate each other’s unique experiences and embrace the flexibility to do your best work. Creating a career you love? It’s Possible. At Pinterest, AI isn't just a feature, it's a powerful partner that augments our creativity and amplifies our impact, and we’re looking for candidates who are excited to be a part of that. To get a complete picture of your experience and abilities, we’ll explore your foundational skills and how you collaborate with AI. Through our interview process, what matters most is that you can always explain your approach, showing us not just what you know, but how you think. You can read more about our AI interview philosophy and how we use AI in our recruiting process here. Pinterest’s Security team (Pinfosec) is seeking an experienced Vendor Security Analyst to conduct assessments of our vendors and help drive vendor and third-party security initiatives to keep our users, employees, and infrastructure safe from third-party security risk. You will have the opportunity to support the improvement of our vendor security program and GRC initiatives and provide meaningful impact in minimizing risk for Pinterest. You’re passionate about security innovation, and able to vet third-party solutions while minimizing employee friction and maximizing productivity.

Requirements

3+ years experience performing vendor security risk analysis for new and existing vendors
Experience supporting the design, management, and building of security programs and best practices
Familiarity with compliance frameworks (e.g. PCI, GDPR, SOC2, ISO27001, NIST CSF)
Good understanding of various security domains
Strong sense of ownership and comfortable with autonomy and ambiguity
Great communicator who is comfortable leading meetings and audit type interviews with vendors
Bachelor’s degree in a relevant field such as Computer Science, Engineering, or other cognitive function, or equivalent experience

Responsibilities

Perform vendor security assessments in order to minimize risk from third-party services
Support the Vendor Security lead to Maintain and improve the vendor security program while working closely with Security, Legal, IT and other internal stakeholders
Ensure vendor security issues are identified, communicated, and remediated to an acceptable level of risk
Act as the SME for High Priority Vendor Security Reviews (e.g. AI related tooling)
Interface with other teams and take a leadership role in driving vendor security initiatives
Manage the MSSP for Vendor Security when the Vendor Security Lead is unavailable
Act as the Vendor Security SME for the Onspring Risk Register and manage the maintenance and updating of Vendor Security related exceptions
Support Pinterest’s Security Governance, Risk & Compliance program on an ad hoc basis such as; Be responsible for the monthly review and maintenance of security awareness training metrics, assist in the update of security policies from time to time, assist in the audit evidence gathering for SOC 2 Type 2 compliance as required, assist in the completion of security questionnaires from Pinterest’s advertisers
You will be required to have a thorough understanding of security concepts, but you will not need to have coding experience

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume