Senior Analyst

Senior Analyst, Third Party Risk

About the Opportunity:

The Senior Analyst, Third Party Risk will play a crucial role in managing and streamlining Veza's response to customer security and risk assessments and contract security and privacy reviews. This position requires a detail-oriented and analytical individual with a strong background in information security, risk management, data privacy and contract language. The role will report into the Security & Trust Office and will be instrumental in enhancing Veza's security posture and customer relationships.

Location: Remote

Core Roles and Responsibilities:

• Third Party Risk Assessment Management
• Security and Privacy Contract Review and Negotiation
• Process Development and Optimization
• Cross-functional Collaboration
• Compliance and Security Posture Improvement

You Will:

Third Party Risk Assessment Management:

• Develop and maintain a comprehensive process for handling customer security and risk assessments and questionnaires.
• Respond to customer security inquiries, RFIs, and RFPs in a timely and accurate manner.
• Coordinate with internal teams to gather necessary information for completing assessments.
• Maintain a database of standard responses to common security questions.

Security Contract Review and Negotiation:

• Review and analyze security-related and privacy-related clauses in customer contracts and agreements.
• Collaborate with legal and sales operations teams to negotiate security terms that align with Veza's capabilities and risk tolerance.
• Develop and maintain a library of approved security language for contracts.
• Stay informed about industry standards and best practices in security contract language.

Process Development and Optimization:

• Create and implement efficient workflows for managing the influx of security assessments and contract reviews.
• Develop templates, checklists, and guidelines to ensure consistency in responses.
• Implement tools and technologies to automate and streamline the assessment and review processes.
• Continuously improve processes based on feedback and changing requirements.

Cross-functional Collaboration:

• Work closely with Sales, Legal, Product, and Engineering teams to ensure accurate and consistent responses to customer inquiries.
• Collaborate with the Security team to stay updated on Veza's security controls and practices.
• Provide regular updates to leadership on assessment trends, contract negotiations, and potential risks.

Compliance and Security Posture Improvement:

• Identify common customer security requirements and work with internal teams to address any gaps.
• Contribute to the maintenance and improvement of Veza's compliance certifications (e.g., SOC 2, ISO 27001).
• Analyze trends in customer security requirements to inform Veza's security roadmap.

Requirements:

• Bachelor's degree in Information Security, Risk Management, or a related field; Master's degree preferred.

• Minimum of 5 years of experience in information security, with a focus on third-party risk management and security assessments.

• Strong understanding of cloud security, data protection principles, data privacy, and common compliance frameworks (e.g., SOC 2, ISO 27001, GDPR).

• Experience with contract review and negotiation, particularly security-related clauses.

• Excellent analytical and problem-solving skills with meticulous attention to detail.

• Strong written and verbal communication skills, with the ability to explain complex security concepts to various audiences.

• Proficiency in using GRC (Governance, Risk, and Compliance) tools and other relevant technologies.

• Relevant certifications such as CISSP, CISA, or CRISC are highly desirable.

• Familiarity with SaaS business models and associated security challenges is a plus.

Our Culture

We’re driven to build a strong company culture and are looking for individuals with solid alignment with the following:

• Ownership Mindset
• Act with Integrity
• Guardians of our Customers
• Opinionated Humility
• Build Trust, Earn Trust

What we offer

• Competitive salary and equity packages
• 401(k) retirement plan
• Pre-tax health care, dependent care, and commuter benefits (FSA)
• Flexible medical, dental, and vision benefits
• Parental leave
• Flexible Time Off
• Monthly Connectivity Stipend

At Veza, your base pay is one part of your total compensation package. For this position, the reasonably expected pay range can be discussed with your recruiter for the level at which this job has been scoped. Your base pay will depend on several factors, including your experience, qualifications, education, location, and skills. In the event that you are considered for a different level, a higher or lower pay range would apply. This position is also eligible for equity and a competitive benefits package.

Veza is proud to be an equal opportunity employer. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics. We also consider qualified applicants according to applicable federal, state, and local laws. If a candidate with a disability requires an accommodation during the recruitment process, please email recruiting@veza.com

About Veza

Veza is the identity security company. Identity and security teams use Veza to secure identity access across SaaS apps, on-prem apps, data systems, and cloud infrastructure. Veza solves the blind spots of traditional identity tools with its unique ability to ingest and organize permissions metadata in the Veza Authorization Graph. Global enterprises like Blackstone, Wynn Resorts, and Expedia trust Veza to visualize access permissions, monitor permissions activity, automate access reviews, and remediate privilege violations. Founded in 2020, Veza is headquartered in Redwood City, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. Visit us at veza.com and follow us on LinkedIn, Twitter, and YouTube.