
Third-Party Security Risk Analyst

Fortinet
paid holidays, sick time, 401(k)
United States, California, Sunnyvale
899 Kifer Road
Jan 14, 2025

Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Third-Party Security Risk Analyst to contribute to the success of our rapidly growing business.

You would act as a Third-Party Security Risk Analyst for our dynamic team. The ideal candidate will play a critical role in assessing and managing information security risks associated with third-party vendors and partners. The candidate should have expertise in conducting risk assessments, managing third-party risks, and helping to maintain the integrity and confidentiality of Fortinet data.

As a Third-Party Security Analyst, your responsibilities will include:



  • Third-Party Risk Assessments: Conduct thorough risk assessments of third-party vendors, contractors, and business partners to evaluate their security posture.
  • Security Control Evaluation: Ensure that third-party vendors meet internal security and compliance standards by evaluating their security controls (e.g., encryption, access controls, data privacy) and collaborate with stakeholders to assess the implementation and effectiveness of third-party security controls.
  • Vendor Due Diligence: Lead the due diligence process for new third-party vendors, ensuring that they meet organizational requirements and review vendor contracts to ensure inclusion of appropriate security clauses (e.g., data protection, breach notification, audit rights).
  • Ongoing Monitoring: Continuously monitor the security posture of third-party relationships and assess any emerging risks or incidents. Review and monitor vendor performance through ongoing security audits, questionnaires, and periodic reviews.
  • Incident Management & Response: Work with the incident response team to assess and mitigate security incidents related to third-party relationships.
  • Collaboration & Communication: Act as a liaison between third-party vendors and internal stakeholders (e.g., legal, procurement, compliance, IT) and provide guidance to business units and senior leadership regarding third-party risk management and security requirements.
  • Reporting & Documentation: Maintain detailed documentation of third-party assessments, risk findings, and mitigation strategies and regularly report to senior management and stakeholders on third-party security risks and compliance status.


We are looking for:



  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • 5+ years of experience in IT security, compliance, or risk management.
  • Strong understanding of IT security technologies, including encryption, firewalls, identity and access management, and vulnerability management.
  • Proficient in using risk assessment tools and frameworks.
  • Ability to evaluate third-party vendor security and compliance documentation (e.g., SOC 2 reports, PCI DSS compliance).
  • Excellent communication skills, both written and verbal, with the ability to explain complex security issues to non-technical stakeholders.
  • Strong analytical, problem-solving, and critical thinking skills.
  • Experience working with cloud services and SaaS providers in a risk management context.
  • Experience in evaluating AI security risks with respect to third parties.
  • Experience with GRC tools.
  • Relevant certifications (CISSP, CISM, CRISC, or equivalent) are a plus.


About Our Team:

Join our team, known for its collaborative ethos, working seamlessly with global customers, internal engineering teams and product development groups. Our team culture emphasizes continuous learning, innovation, and a strong commitment to customer satisfaction. We embrace Fortinet's core values of openness, teamwork and innovation, fostering an environment where team members support each other, share knowledge, and leverage AI to solve complex technical challenges. Our inclusive and dynamic team thrives on collaboration and is driven by the shared goal of maintaining Fortinet's high standards of excellence in cybersecurity solutions.

Why Join Us:

We encourage candidates from all backgrounds and identities to apply. We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being.

Embark on a challenging, enjoyable, and rewarding career journey with Fortinet. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.

The US base salary range for this full-time position is $150,000-$175,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.

Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.

All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at time of hire and annually at the Company's discretion.
