Back to jobs

Cybersecurity Engineering, Staff Engineer (Third-Party Risk Analyst )

Bangalore, India

Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

Cybersecurity Third-Party Risk Analyst 

At Black Duck Software, Inc., we are enthusiastic learners and seasoned inventors. We are makers and visionaries who make technology safer. We are innovators who develop the best solutions to keep your software safe. Whether you’re selling it directly to your customers or relying on it to run your operations, Black Duck helps you protect your bottom line by building trust in your software—at the speed your business demands. We embrace diversity as a company, so we can create solutions that serve not just technology but the humans behind it.

The Cybersecurity team is seeking a passionate, experienced, and collaborative Governance, Risk, and Compliance (GRC) practitioner to focus on our Third-Party Risk Management (TPRM) program.

Key Responsibilities

The Third-Party Risk Analyst supports Third-Party Risk Management (TPRM) activities and our overall GRC program. The Third-Party Risk Analyst is a critical position within the organization with supply chain risk management responsibilities affecting the organization globally. The Third-Party Risk Analyst enables and transforms the TPRM program, improves security compliance, and tracks third-party security risks with the potential to impact business operations, and develops, collects, and reports TPRM program metrics for decision-makers.

  • Leverage industry frameworks and regulatory standards such as, for example, ISO 27001, ISO 27036, NIST SP 800-53, NIST SP 800-161, NIST SP 800-171, NIST CSF, and GDPR to support TPRM activities
  • Work with internal stakeholders to build and enhance TPRM controls to improve our business risk posture
  • Build, maintain supplier database; track vendor risk assessments and compliance status
  • Engage vendors to validate compliance with contractual risk management obligations and vendor risk management framework

Qualifications

The Third-Party Risk Analyst possesses expert knowledge of computer, network, and information security methods and procedures to enable efficient, effective, and comprehensive TPRM-related business activities. The Third-Party Risk Analyst has experience with risk assessments, risk analysis, ratings, and mitigation controls. Strong analytical and critical-thinking abilities are a must.

  • Excellent oral and written communication skills are a must
  • University degree or equivalent certified education and experience
  • Strong interpersonal and collaboration skills
  • 5+ years of TPRM program implementation, processes, and practices experience
  • Familiar with ISO and NIST security control frameworks
  • Experience with TPRM tools, technology, and implementations
  • Fluent verbal and written English
  • Security credentials such as CRISC, CISSP, and related certifications preferred

About Black Duck Software, Inc. Black Duck helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open-source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

For more information, go to blackduck.com.

 

Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.

Apply for this job

*

indicates a required field

Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf