Senior Third Party Risk & Controls Specialist
$95.6k - $143.4kHubSpot
Role Description
HubSpot is seeking a Senior Third Party Risk & Integration Security Engineer to join our expanding IAM, Third Party Risk Management, and Enterprise Application Management team. This role is based on the idea of “external party security” and combines technical security assessment expertise in vendor risk management, focusing on evaluating third-party applications, emerging AI technologies, and integration security. The ideal candidate will conduct technical assessments of vendor security controls while also supporting broader software management and identity and access management initiatives across the organization. This role is remote; candidates must be based in the Eastern Time Zone (ET).
What you’ll do
- Third-Party Risk Assessment (Primary Focus - 60%)
- Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews.
- Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions.
- Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks.
- Perform security reviews of Model Context Protocol (MCP) servers and implementations.
- Review vendor security documentation, architecture diagrams, and technical controls.
- Identify security gaps and provide risk-based recommendations and guardrails to stakeholders.
- Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements.
- IAM & Enterprise Application Management (40%)
- Support Shadow IT discovery and risk assessment initiatives using enterprise tooling.
- Evaluate security risks associated with unsanctioned applications and browser extensions.
- Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys.
- Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base.
- Review OAuth grants, SAML configurations, and application integrations for security risks.
- Support identity governance initiatives and access certification processes.
- Collaborate and support the enterprise application management team on shared security initiatives.
Qualifications
- 5+ years of experience in application security, vendor risk management, cloud security, and/or related field.
- Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.).
- Strong understanding of API security (REST, GraphQL, authentication/authorization).
- Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML).
- Experience with non-human identity management (service accounts, API tokens, certificates).
- Understanding of SaaS architectures, access controls, and integration security.
- Excellent prioritization, organization, and time management skills to suit a high-volume environment.
- Understanding of LLM and generative AI security challenges and the emerging threat landscape.
- Strong project management and communication skills to support a highly cross-functional work environment.
- Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA).
- Background in technical due diligence or managing large-scale supplier security programs (preferred).
- Certifications such as CISSP, CCSP, CISM, or CRISC are a plus.
Benefits
- Annual Cash Compensation Range: $95,600 — $143,400 USD.
- Base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles.
- Participation in HubSpot’s equity plan to receive restricted stock units (RSUs) for some roles.
- Potential eligibility for overtime pay.
- Tailored individual compensation packages based on skills, experience, qualifications, and other job-related reasons.
$95.6k - $143.4k
...listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Third Party Risk & Controls Specialist based in the United States. This role focuses on strengthening enterprise security by assessing third-party...SeniorRemote jobFull timeFlexible hours$115k - $130k
...Description We are looking for a Sr. Third Party Risk Specialist to own and evolve PNM’s third-party risk... ...for someone who can operate at a senior level—balancing expert risk analysis,... ...operationalization of third party security risk controls ~Communicate complex vendor risk...SeniorFull timeWork from homeFlexible hours$26 - $38 per hour
...Job Title Our client is seeking a Senior Analyst, Third Party Risk Management to join their team! This position is remote. Core Responsibilities... ...assist with the implementation and maturation of related controls and workflows Partner cross-functionally with...SeniorLocal areaRemote work- ...Third-Party Risk Management Senior Analyst (MRA Remediation Support) - VP Level New York City, NY or Tampa, FL (Hybrid) 6-12 Months... ..., first line team within the Markets Operational Risk & Control group at Client and is responsible for developing, implementing...SeniorContract workRemote work
- ...drivers. About the Role The Global Governance, Risk, and Compliance (GRC) team is looking for a technical, security-focused Third-Party Risk Management (TPRM) Sr. Analyst. If you... ...implementing & monitoring robust technical controls and ensuring strict compliance through...SeniorHourly payContract workWork at officeLocal areaRemote workFlexible hours
- ...As the Third Party Risk Sr Analyst , you will manage vendor issues, complete quality assurance... ...adequacy and effectiveness of the test control processes in place. The role holder delivers... ...include Collaborating with senior management to influence key decisions....SeniorWork at officeLocal areaRemote work
$70k - $90k
...iCapital is looking to hire a Vendor Risk Specialist to join the Information Security team.... ...a small team to evaluate the risk of third-party vendors. Vendor risk includes information... ...including evaluation of vendor controls, practices, process enhancements, and...Full timeWork at officeRemote work- ...Citizens Bank is seeking a Third Party Risk Sr Analyst responsible for managing vendor assessment reviews and ensuring adherence to company policies. This role involves close collaboration with business leaders to evaluate vendor risks effectively. Applicants should possess...SeniorWork at officeRemote work
- ...Employer: Public Entity Risk Management Authority PERMA, a California Joint Powers Authority (JPA), is seeking a Senior Risk Control Specialist to manage PERMA's risk control program. This at-will, full-time position is responsible for planning, managing, and directing...SeniorFull timeRemote work
- ...Position Summary The Third Party Risk Analyst is responsible for executing several core third party risk management processes and identifying... ...by federal, state and local agencies. Adheres to internal control and security measures designed to ensure regulatory compliance...Full timeWork at officeLocal areaRemote workFlexible hoursNight shiftWeekend workAfternoon shiftEarly shift
$80.55k - $115k
...serves as a key advisor within Jack Henry’s Third-Party Risk Management (TPRM) program, providing... ...(TPRM) strategy. Partner with senior leadership to evaluate and enhance third... ...and regulatory expectations to identify control gaps, strengthen vendor oversight, and...Full timeWork at officeLocal areaRemote work- Crowe is seeking a Manager - Third Party Risk to oversee TPRM engagements, ensuring quality assessment and risk mitigation. The successful candidate will lead teams, manage client relationships, and guide project execution while supporting career development among team...SeniorRemote work
- ## Third Party Risk Management Analyst 2Applylocations: Scottsdale AZ - Technology & Digital Commerce... ...vendor risk assessments, evaluates control effectiveness, reviews supporting... ...organization. The position reports to the Senior Manager, GRC and partners closely with...Work experience placementWork at officeRemote workWork from homeWorldwideHome officeFlexible hoursShift work
- Third-Party Risk Management Program Officer Heritage Bank is seeking a Third-Party Risk Management Program Officer to join the Risk and Compliance... ...models, risk rating methodologies, and vendor lifecycle control checkpoints. Ensures alignment of the TPRM program with...Full timePart timeWork experience placement
$55k - $95k
...office, with a few days in office with some remote work.The Third Party Risk Management (TPRM) Event Analyst II is part of the TPRM Resilience... ..., operational risk, incident response, or related control functions are encouraged to apply. Familiarity with financial...Full timeTemporary workPart timeWork experience placementWork at officeRemote workRelocation packageFlexible hours- ...Robert Half Management Resources is currently looking for a Third Party Risk Analyst to support vendor due diligence efforts and help strengthen... ...• Assign risk ratings by analyzing inherent risk factors, control environments, and potential business impact. • Determine...Contract workRemote work
$90k - $120k
Third Party GRC Analyst job at Gulf Coast Automation Group. Los Angeles, CA. Job Title: Third... ...to find a Third Party Governance, Risk, and Compliance (GRC) Analyst! This position... ...InfoSec evaluations of vendor security controls. Assisting with key risk reporting and...Remote workVisa sponsorship- ...is collaborating with Vanguard to connect them with exceptional professionals for this role. TPRM Strategy & Governance – Third Party Risk Consultant About the role Third Party Risk Management (TPRM)’s mission is to reduce extended enterprise risk at Vanguard...Work experience placementLocal areaRemote workMonday to Friday
$88k - $141k
...realize their greatest potential. Title and Summary Senior Analyst, Risk Management Overview The Third-Party Senior Risk Analyst is a member of the Third-Party... ...appetite. Do you have an eye for identifying risks and control deficiencies? Have you ever performed vendor/...SeniorFull timePart timeWork experience placementWork at officeWorldwideFlexible hours- ...security program, including governance, risk, and compliance (GRC). This role will be... ...Experience, Trust & Safety, as well as third‑party contractors and suppliers. If you have 8... ...NIST, and ISO You have experience with control testing and evidence validation You have...SeniorFor contractorsFlexible hours
- ...Senior Project Controls Manager Los Angeles, CA, USA 170-180 per hour Hourly... ...helps coordinate the various parties to completion. •... ...designers, contractors and other third party entities to proactively identify project risks; and develop recommendations...SeniorHourly payFull timeFor contractorsWork at officeRemote workMonday to Friday
- ...this application due to a disability, contact this employer to ask for an accommodation or an alternative application process. Third Party Risk Management Analyst Full Time Alexandria, VA, US 4 days ago Requisition ID: 2244 CLASSIFICATION: Non-exempt REPORTS TO: Program...Full timeContract workWork at officeLocal areaRemote work
- ...financial institution in Johnston, RI is seeking a Senior Analyst for the Enterprise Technology & Security Risk team. This role leads the identification and... ...practices. Responsibilities include monitoring, testing controls, and overseeing documentation. Candidates should...SeniorRemote work
$84.2k - $131k
...relevant data to identify the quantitative and qualitative factors driving the credit risk for consumer & mortgage loans. Perform evaluation, implementation and monitoring of third‑party and in‑house scoring solutions. Perform model and strategy testing and assist with...SeniorFull timeTemporary workPart timeWork from home3 days per week$80.83k - $129.32k
...position is eligible for our hybrid remote work and will work in the Bethesda, MD office four days per week. Responsibilities As a Third-Party Risk Management Analyst, you will play a critical role in ensuring that our partnership with vendors and service providers are...Work at officeRemote workFlexible hours- ...pride ourselves on delivering impeccable accounting, operational, control, and technology services to our high-profile clientele,... ...community, look no further. We invite skilled professionals to join our Risk & Controls team and help us further our exceptional work...SeniorWork experience placementLocal areaRemote workFlexible hours
$136k - $226.6k
...day per week. Overview Leads risk analysis for complex initiatives... ..., operational inefficiencies, control gaps, and potential risks;... ...escalated or discovered by second‑ or third‑line functions. Spearhead... ...among cross‑functional teams and senior/executive leadership, ensuring...SeniorWork experience placementLocal areaWork from home1 day per week- ...Senior Manager, Third Party Risk Management (TPRM) Hagerty is a company built by drivers for drivers. We put our members at the center of everything... ...to critical and high-risk vendors. Offboarding controls: Establish standards for vendor offboarding that protect...SeniorContract workWork at officeRemote work3 days per week
$112k - $143k
UFG Insurance is seeking a Senior Risk Control Consultant to join their Risk Control Team in Phoenix, Arizona. This role focuses on risk assessment and provides leadership in underwriting and strategic planning. The ideal candidate should possess a bachelor's degree, relevant...SeniorRemote work$185k - $230k
...experienced Sr Account Executive -Third Party Originations to help grow and... ...and resolve pipeline risks, conditions, and bottlenecks... ...adherence to risk management, controls, and compliance expectations,... ...clients, member support team, and senior leadership. Demonstrated...SeniorFull timeRemote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Senior Third Party Risk & Controls Specialist. Be the first to apply!





