Your Opportunity

We are seeking a Third-Party Vendor & SaaS Senior Security Engineer to join a dynamic and growing team dedicated to vendor security and quality. You will bring experience in third-party risk management operations, governance,SaaS integrations, and communications to assess and manage risks while driving the security lifecycle of vendor requests.

In this role, you will:

• Support security reviews for various vendor service types, including Professional Services, Software as a Service (SaaS), and On-Premises.
• Prepare materials and documentation related to third-party security. Assist in communicating security requirements to relevant teams within the organization and vendors.
• Collaborate with security leaders, engineers, and cross-functional teams to support safeguarding company assets. Help maintain adherence to regulatory and security requirements. Protect New Relic employees and customers from security and privacy threats.
• Coordinate and support projects and tasks of the third-party risk and security assessment lifecycle.

Attention to detail, the ability to handle changing priorities, and a passion for process automation and education are critical for success in this role.

Key Responsibilities

• Vendor Security Assessments:
• Support New Relic internal business and security by maintaining third-party records, assessments completion, reassessment cadence, and communicate findings with relevant teams, under the direction of security/compliance leads.
• Security reviews include vendors with access to data and systems supporting New Relic operations and/or products.
• Verify vendor documents using checklists or templates to ensure required security and compliance elements are present and are mapped to regulatory standards (ISO 27001, SOC 2, PCI-DSS etc..).

• Assess AI-driven tools or functions in SaaS platforms, identifying security, compliance and privacy risks and implementing secure recommendations.
• Keep abreast of the latest cybersecurity trends, emerging threats and evolving standards in third- party risk management, ensuring that New Relics third-party practices remain ahead of the curve.

• Ongoing Monitoring and Risk Remediation:
• Support ongoing risk-related activities by assisting in tracking vendor exceptions and issues, updating risk profiles, and documenting remediation steps.
• Initiate and maintain a schedule of vendors due for reassessment and support the execution of reassessments by initiating workflows and completing tasks based on established procedure.
• Process Development and Integration:
• Support risk assessment frameworks tailored to vendor types and business needs.
• Execute auditing processes, including remediation implementation reviews and SaaS access controls.
• Drive technical solutions to manage vendor inventory and improve operational efficiency.
• Metrics and Reporting:
• Update dashboards and vendor records to track vendor risk management performance.
• Communicate risk insights, metrics, and remediation progress to internal business units
• Collaboration and Education:
• Collaborate with cross-functional teams for vendor security events, complete client questionnaires, and assist with customer security escalations.
• Work with cross-functional teams to align technical risks with business goals.
• Educate internal teams on securely adopting and managing external vendors.
• Support the Enterprise business with project and reporting generated by Third-party management tools.
• Stay informed on cybersecurity trends, compliance requirements, and best practices.

Qualifications

Must-Have:

• Minimum 3 years of experience in third-party risk management, vendor security assessments, or related fields.
• Expertise in evaluating diverse vendor types and implementing internal and external risk mitigation strategies.
• Understanding of data privacy principles and third-party handling of various classes of enterprise and customer data.
• Knowledgeable in LLM or AI capabilities.
• Ability to learn about new tools and technology, their security posture, and identify areas of risk.
• Strong knowledge of SaaS security, SSO configurations, and AI tool evaluations.
• Demonstrated success in process automation, workflow optimization, and scaling security operations.
• Exceptional communication skills and the ability to present Metrics and reports to internal and external New Relic business.

Nice-to-Have:

• Experience with Salesforce, GRC tools, and SaaS inventory management.
• Familiarity with security frameworks like ISO 27001, SOC 2, and NIST.
• Understanding of policy development and risk management for technical integrations.

Why Join Us?

• Collaborate with a passionate and forward-thinking team dedicated to vendor security.
• Work with cutting-edge SaaS and AI technologies in a dynamic environment.
• Enjoy competitive compensation, career growth opportunities, and the chance to make a meaningful impact.