Senior Third-Party Security Risk Analyst (f/m)
Ledger
IT
Paris, France
Posted on Nov 29, 2024
We’re the forever innovators. On a mission that goes beyond business. Securing digital ownership in a changing world. Unlocking true freedom. We’re revolutionaries.
Looking beyond today. Bridging excellence and pragmatism, with ambition and conviction, to push the limits of what’s possible. That’s what you’ll do here, in this playground of innovation. With leadership and trust, you’ll write the rules of new technology, and create products that redefine security in a digital age.
Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in the UK, the US, Switzerland and Singapore, Ledger has a team of more than 500 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 6 million units already sold in 200 countries.
As a Senior Third-Party Security Risk Specialist at Ledger, you will play a vital role in protecting our organization and our customers from security risks associated with third-party vendors and partners. You will be contributing to our Enterprise Risk Management program, by assessing, mitigating, and monitoring risks throughout the vendor lifecycle, ensuring that our high security standards are met and that our data and systems remain secure.
Your mission
- Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls.
- Proactively identify and evaluate potential security/privacy risks, with a particular focus on those that could impact Ledger's reputation, financial stability, and customer trust.
- Develop and implement risk mitigation strategies to address identified vulnerabilities.
- Lead the collaboration with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements.
- Establish and maintain a robust vendor security monitoring program, driving continuous improvement in vendor security posture and compliance.
- Develop, implement, and continuously improve Ledger's third-party security risk management program, including policies, standards, procedures, and tools.
- Prepare reports and presentations on vendor security risks and mitigation efforts to senior management, stakeholders, and the Comex.
- Participate in audits as part of the Privacy audit program according to the agreed annual audit plan.
What we're looking for
- Master's degree in Information Security, Cybersecurity, or a related field.
- 5+ years of progressive experience in third-party risk management, with a strong background in audit, risk management, compliance, or a related control function within a complex organization.
- Proven project management skills with the ability to manage complex, cross-functional projects and maintain comprehensive documentation.
- In-depth knowledge of security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework) and experience in applying them to third-party risk management and regulatory requirements.
- Excellent analytical and problem-solving skills with a focus on identifying root causes and developing effective solutions.
- Strong communication and interpersonal skills, including the ability to influence and negotiate with vendors and stakeholders at all levels.
What’s in it for you
- Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
- Flexibility: A hybrid work policy
- Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
- Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
- Well-being: Personal development, coaching & fitness with our dedicated partners
- Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
- High tech: Access to high performance office equipment and gadgets
- Transport: Ledger reimburses part of your preferred means of transportation
- Discounts: Employee discount on all our products
We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.