Sr. Third-Party Security Risk Analyst

Overview

Use your customer service abilities, process management skills, knowledge of cyber and organizational security, along with an aptitude for legal implications of security terms to support the Third-Party Security Risk Management team’s mission to respond to security assessments and policy reviews that clearly convey Esri’s positions on all aspects of security and satisfy the requirements of our customers. You will be responsible for the accurate completion and timely delivery of customer security assessments, as well as policy and contractual security requirement reviews, working in collaboration with SMEs to ensure relevance and accuracy of all submitted security documentation, facilitating internal flow of project inputs, and managing production and submission of final product. Being successful in this position requires superior analytical and organizational skills, attention to detail, excellent collaboration and communication skills, discipline for accuracy, confidence, discretion, good professional judgment, and personal initiative. Depending on experience, you may also consult with account management staff and security team members on the organization’s security posture and capabilities pertaining to sales opportunities and account strategies.

Responsibilities

Use process management skills to help Esri develop a vendor risk management program capable of handling large scale risk review of its vendor ecosystem

Collaborate with security SMEs, legal staff, and Global Business Development staff within Esri to operate and improve systems and procedures for Esri’s customer trust program

Work with legal and contracts teams to address security requirements from our customers and to ensure our vendors are complying with Esri security requirements

Establish workflows, process materials, and support legal teams with security term reviews and security-focused negotiation support when needed

Receive, prioritize, and manage customer security requests (assessments, questionnaires, policy reviews, pen testing, documentation, contract terms review) and advise on course of action

Perform a variety of support and general administrative assignments in support of the audits or auditors, including filing, data entry, and tracking/correspondence while following established standards and work processes

Communicate between the business, technology and information security areas to validate questionnaire responses and for general requests associated with controls defined in standards and governing policies and procedures

Review submitted questionnaires/policies and advise requestor on course of action

Advise Esri staff on security and privacy requirements, with guidance from SMEs as needed, and maintain security knowledge base

Act as a resource and facilitate responses to general audit inquiries associated with clients and compliance audits

Successfully set priorities, perform tasks in an orderly fashion, and meet time deadlines

Requirements

5+ years of professional experience including general IT/Business responsibilities, customer/third-party interactions, Third-Party Risk Management (TPRM), IT Security and contracts/legal

Bachelor’s in security, computer science, business, project management, or related field

Proven experience providing exceptional customer service

Aptitude for legal implications of security-focused contract terms

Demonstrated experience developing or being a part of customer facing programs and/or cross functional business programs

Strong ability to coordinate with technology team members for follow-up of implemented controls and support the collection and validation of evidence as part of the risk remediation process

Experience influencing without authority, dealing with ambiguity, and balancing competing goals and objectives

Understand business/IT security and risk management controls to include experience with governance risk and compliance (GRC) tools or processes

Clear communication, strong collaboration, and finely tuned writing/editing skills

Recommended Qualifications

Security + or equivalent security certification(s)

Exposure to Esri technology, Esri project methodologies, and security topics

Experience in supporting the completion of security or compliance reviews, third-party or customer questionnaires. and familiarity with Policy/Standard reviews

Project management experience

Demonstrated success with business relations in a service-oriented business environment

Proficient with Salesforce, content management, or third-party questionnaire software such as Loopio

Familiarity with third-party risk management platforms, such as CyberGRX

SANS or equivalent security certification(s)

#LI-NR5

#LI-Hybrid

Total Rewards

Esri’s competitive total rewards strategy includes industry-leading health and welfare benefits: medical, dental, vision, basic and supplemental life insurance for employees (and their families), 401(k) and profit-sharing programs, minimum accrual of 80 hours of vacation leave, twelve paid holidays throughout the calendar year, and opportunities for personal and professional growth. Base salary is one component of our total rewards strategy. Compensation decisions and the base range for this role take into account many factors including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

A reasonable estimate of the base salary range is

$87,360—$150,800 USD

The Company

At Esri, diversity is more than just a word on a map. When employees of different experiences, perspectives, backgrounds, and cultures come together, we are more innovative and ultimately a better place to work. We believe in having a diverse workforce that is unified under our mission of creating positive global change. We understand that diversity, equity, and inclusion is not a destination but an ongoing process. We are committed to the continuation of learning, growing, and changing our workplace so every employee can contribute to their life’s best work. Our commitment to these principles extends to the global communities we serve by creating positive change with GIS technology. For more information on Esri’s Racial Equity and Social Justice initiatives, please visit our website here.

If you don’t meet all of the preferred qualifications for this position, we encourage you to still apply!

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. If you need reasonable accommodation for any part of the employment process, please email and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.

Esri Privacy Esri takes our responsibility to protect your privacy seriously. We are committed to respecting your privacy by providing transparency in how we acquire and use your information, giving you control of your information and preferences, and holding ourselves to the highest national and international standards, including CCPA and GDPR compliance.