We're seeking an experienced Security Software Engineer to help keep our users safe from real-world threats. You will build tooling, product enhancements, and work with teams to improve our overall security posture and enhance our secure development lifecycle.
\nKey Responsibilities:
\nRequirements:
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_4c267bc5-7f8","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Pinterest","sameAs":"https://www.pinterest.com/","logo":"https://logos.yubhub.co/pinterest.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/pinterest/jobs/7494708","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$155,584-$320,320 USD","x-skills-required":["Python","Secure Development Lifecycle","Security Assessments","Cross-Functional Collaboration","AI"],"x-skills-preferred":[],"datePosted":"2026-04-18T15:52:59.014Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Chicago, IL, US; Remote, US"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Python, Secure Development Lifecycle, Security Assessments, Cross-Functional Collaboration, AI","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":155584,"maxValue":320320,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_c629a0da-f6c"},"title":"Security Engineer","description":"We're seeking a Security Engineer at the senior-level or above focused on hardware, embedded systems, and firmware security to own the security posture of Saronic's vessel hardware platforms from silicon to system.
\nYou will be the technical authority on hardware root of trust, secure boot, firmware integrity, embedded system hardening, and the security of third-party hardware integrations. Your work ensures that every component on the vessel is resilient against tampering, exploitation, and supply chain compromise, designed in from the start and maintained across the fleet lifecycle.
\nKey Responsibilities:
\nConduct hardware security assessments including fault injection, side-channel analysis, interface evaluation, and bus protocol analysis across Saronic-built and third-party hardware including sensors, radios, navigation systems, propulsion controllers, and communication modules
\nEvaluate and harden physical interfaces, debug ports, maintenance access points, and removable media interfaces on vessel hardware
\nEvaluate supply chain security risks for hardware components and recommend provenance validation, anti-tamper, and attestation controls
\nDevelop and maintain a hardware security testing capability including tooling, methodology, and repeatable test procedures
\nDesign and implement secure boot chains establishing hardware root of trust from power-on through application launch, integrating TPM, secure elements, and HSMs for device identity, key storage, measured boot, and remote attestation
\nDesign and implement secure firmware update mechanisms including signed updates, rollback protection, and verified delivery across the fleet
\nOwn the cryptographic key lifecycle for hardware-bound keys, including provisioning, rotation, revocation, and escrow
\nHarden embedded Linux systems on vessel platforms, including kernel configuration, mandatory access controls, secure IPC, and attack surface reduction
\nSecure operational technology protocols and interfaces used in vessel control systems, propulsion, navigation, and sensor fusion including CAN bus, NMEA, and maritime/industrial communication protocols
\nDefine security boundaries, trust zones, and segmentation strategies for vessel-internal compute and communication architectures
\nDrive threat modeling across vessel hardware subsystems and translate findings into actionable engineering requirements
\nProduce secure-by-design reference architectures and define hardware and firmware security standards, testing requirements, and acceptance criteria integrated into engineering workflows
\nRequired Qualifications:
\n6+ years of hands-on experience in hardware security, embedded systems security, firmware security, or a closely related security engineering role
\nDeep expertise in hardware hacking techniques including fault injection, side-channel attacks, JTAG/SWD exploitation, bus sniffing/injection, and physical security assessments
\nDemonstrated experience designing and implementing secure boot chains, hardware root of trust, and secure firmware update mechanisms in production systems
\nStrong experience assessing third-party hardware integrations and evaluating supply chain security risks
\nDeep knowledge of embedded Linux security hardening, kernel security, and mandatory access control frameworks
\nExperience with operational technology security, industrial protocols, or control system security
\nProficiency in C, C++, Python, or Rust in the context of firmware, embedded, or systems-level security work, and with hardware security testing tools
\nAbility to obtain and maintain a security clearance
\nPreferred Qualifications:
\nExperience in defense, aerospace, robotics, autonomy, maritime, or other high-assurance environments
\nExperience with autonomous systems, unmanned vehicles, or safety-critical embedded platforms
\nExperience with RTOS, microcontroller security, or resource-constrained device environments
\nKnowledge of CAN bus, NMEA protocols, maritime communication systems, RF/GPS/GNSS security, or ICS security standards
\nFamiliarity with defense or safety-critical compliance frameworks (NIST SP 800-53, IEC 62443, Common Criteria, or equivalent)
\nRelevant certifications such as OSEE, GXPN, GSE, or hardware-focused credentials
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_c629a0da-f6c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Saronic Technologies","sameAs":"https://www.saronictechnologies.com/","logo":"https://logos.yubhub.co/saronictechnologies.com.png"},"x-apply-url":"https://jobs.lever.co/saronic/4b15b1b4-3c34-47ad-b964-dbcf0f8a3dc4","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Hardware security","Embedded systems security","Firmware security","Fault injection","Side-channel analysis","Interface evaluation","Bus protocol analysis","Physical security assessments","Secure boot chains","Hardware root of trust","Firmware integrity","Embedded system hardening","Third-party hardware integrations","Supply chain security risks","Provenance validation","Anti-tamper","Attestation controls","Hardware security testing","Tooling","Methodology","Repeatable test procedures","Device identity","Key storage","Measured boot","Remote attestation","Signed updates","Rollback protection","Verified delivery","Cryptographic key lifecycle","Provisioning","Rotation","Revocation","Escrow","Embedded Linux systems","Kernel configuration","Mandatory access controls","Secure IPC","Attack surface reduction","Operational technology protocols","Industrial protocols","Control system security","CAN bus","NMEA","Maritime/industrial communication protocols","Security boundaries","Trust zones","Segmentation strategies","Threat modeling","Actionable engineering requirements","Secure-by-design reference architectures","Hardware and firmware security standards","Testing requirements","Acceptance criteria","Engineering workflows","C","C++","Python","Rust","Hardware security testing tools"],"x-skills-preferred":["Defense","Aerospace","Robotics","Autonomy","Maritime","High-assurance environments","Autonomous systems","Unmanned vehicles","Safety-critical embedded platforms","RTOS","Microcontroller security","Resource-constrained device environments","NMEA protocols","Maritime communication systems","RF/GPS/GNSS security","ICS security standards","Defense or safety-critical compliance frameworks","OSEE","GXPN","GSE","Hardware-focused credentials"],"datePosted":"2026-04-17T12:57:49.070Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Hardware security, Embedded systems security, Firmware security, Fault injection, Side-channel analysis, Interface evaluation, Bus protocol analysis, Physical security assessments, Secure boot chains, Hardware root of trust, Firmware integrity, Embedded system hardening, Third-party hardware integrations, Supply chain security risks, Provenance validation, Anti-tamper, Attestation controls, Hardware security testing, Tooling, Methodology, Repeatable test procedures, Device identity, Key storage, Measured boot, Remote attestation, Signed updates, Rollback protection, Verified delivery, Cryptographic key lifecycle, Provisioning, Rotation, Revocation, Escrow, Embedded Linux systems, Kernel configuration, Mandatory access controls, Secure IPC, Attack surface reduction, Operational technology protocols, Industrial protocols, Control system security, CAN bus, NMEA, Maritime/industrial communication protocols, Security boundaries, Trust zones, Segmentation strategies, Threat modeling, Actionable engineering requirements, Secure-by-design reference architectures, Hardware and firmware security standards, Testing requirements, Acceptance criteria, Engineering workflows, C, C++, Python, Rust, Hardware security testing tools, Defense, Aerospace, Robotics, Autonomy, Maritime, High-assurance environments, Autonomous systems, Unmanned vehicles, Safety-critical embedded platforms, RTOS, Microcontroller security, Resource-constrained device environments, NMEA protocols, Maritime communication systems, RF/GPS/GNSS security, ICS security standards, Defense or safety-critical compliance frameworks, OSEE, GXPN, GSE, Hardware-focused credentials"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_4b414123-045"},"title":"Product Security Engineer II","description":"We are seeking a Product Security Engineer II to join our growing security team. This role will be critical in ensuring the security of our products across the entire software development lifecycle (SDLC) and provide support on different security initiatives.
\nYou will work closely with engineering, product, and operations teams to embed security best practices from design through to deployment.
\nKey responsibilities include:
\nSupporting the execution of a comprehensive product security strategy that aligns with the company's goals and risk appetite.\nWorking hands-on across code, infrastructure, and CI/CD to create agents, services, and pipelines that detect, prevent, and remediate risks leveraging AI where it adds value.\nDesigning, building, and operating security automation for the SDLC (code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD.\nPerforming manual design and implementation reviews of Greenlight products and services from a security perspective.\nEstablishing and enforcing secure development standards (i.e., API security, security patterns, IaC, etc.) and best practices across the organization.\nServing as a subject matter expert on the practical security of our AI and LLM ecosystem. Leading threat modeling exercises for novel AI systems applying advanced security and privacy best practices.\nLeveraging automations and tools to continuously test, fuzz, and validate products and platform components for security issues.\nPerforming penetration testing and retesting to validate fixes.\nResponsible for triaging findings from security researchers and leading incident response for PSIRT.\nOn-call support for incident response and leading product-related security events and vulnerabilities.\nFostering a culture of security awareness and ownership across the Engineering and Product organizations.\nStaying current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_4b414123-045","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Greenlight","sameAs":"https://www.greenlight.com/","logo":"https://logos.yubhub.co/greenlight.com.png"},"x-apply-url":"https://jobs.lever.co/greenlight/6daa8340-f262-454c-be7d-e3adc813fe0e","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Node.js","Java/Kotlin","React","Redux","Swift","SwiftUI","AWS","MySQL","DynamoDB","Redis","Kubernetes","Ambassador","Helm","Rancher","SAST","DAST","IAST","Penetration testing","Fuzzing","Scripting","Automation","Exploit writing","Cloud security principles"],"x-skills-preferred":["Security assessment of IoT hardware/firmware","Contribution to security community","Experience at Fintech or similar regulated companies","Startup Agility"],"datePosted":"2026-04-17T12:36:02.056Z","jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Finance","skills":"Node.js, Java/Kotlin, React, Redux, Swift, SwiftUI, AWS, MySQL, DynamoDB, Redis, Kubernetes, Ambassador, Helm, Rancher, SAST, DAST, IAST, Penetration testing, Fuzzing, Scripting, Automation, Exploit writing, Cloud security principles, Security assessment of IoT hardware/firmware, Contribution to security community, Experience at Fintech or similar regulated companies, Startup Agility"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_ace25108-b9c"},"title":"Staff Product Security Engineer","description":"We are seeking an experienced and motivated Staff Product Security Engineer to join our growing Security team. As a Staff Product Security Engineer, you will be responsible for the end-to-end security of our consumer products, digital platform, and emerging hardware device line.
\nYour day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.
\nYou will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.
\nAs a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.
\nYou will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.
\nYou will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.
\nYou will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.
\nPreferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.
\nWork perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_ace25108-b9c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Greenlight","sameAs":"https://www.greenlight.com/","logo":"https://logos.yubhub.co/greenlight.com.png"},"x-apply-url":"https://jobs.lever.co/greenlight/18b7ac30-dbf6-4078-bf50-06772c47fdc7","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"$165,000-200,000","x-skills-required":["product security","application security","cloud security","secure SDLC","threat modeling","penetration testing","security assessments","PSIRT operations","AI security","OWASP Top 10","MITRE","SAST","DAST","SCA","Claude","Cursor","MCP security","firmware integrity","hardware root of trust","IoT threat modeling"],"x-skills-preferred":["hardware and embedded security","PCI DSS","COPPA"],"datePosted":"2026-04-17T12:35:45.706Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Atlanta"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Finance","skills":"product security, application security, cloud security, secure SDLC, threat modeling, penetration testing, security assessments, PSIRT operations, AI security, OWASP Top 10, MITRE, SAST, DAST, SCA, Claude, Cursor, MCP security, firmware integrity, hardware root of trust, IoT threat modeling, hardware and embedded security, PCI DSS, COPPA","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":165000,"maxValue":200000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_7d12908d-085"},"title":"Member of Compliance, TPRM","description":"At Anchorage Digital, we are building the world's most advanced digital asset platform for institutions to participate in crypto.
\nThe mission of this role is to support the design and enhancement of the Third Party Risk Management program, across both regulated and non-regulated entities, ensuring alignment with regulatory requirements (OCC, FFIEC, MAS, DORA, Federal Reserve, NY DFS, etc) as well as industry leading practices.
\nThis role will also identify program enhancements in support of emerging risks impacting outsourced products / services.
\nThis role will particularly contribute to the execution and optimization of due diligence and ongoing monitoring risk assessments with focus on Information Technology and Information Security as well as Quality Control process enhancement.
\nResponsibilities
\nLead and manage the Third Party Findings Management process across key risk impact categories with specific focus on: weekly, monthly and quarterly status reporting to track findings to closure in partnership with Risk SMEs, and creation of documentation to support Third Party Risk Management program evolution leveraging industry leading practices.
\nDrive the optimization of the Due Diligence and Ongoing Monitoring risk assessment process across regulated and non-regulated Anchorage Digital legal entities to include reviews of the following key risk impact categories: Financial, Business Continuity, Information Security, as well as additional risk reviews based on risk and complexity of product / service being outsourced.
\nLead and manage the TPRM Quality Control process across regulated and non-regulated Anchorage Digital legal entities, including maintaining the schedule of reviews to be performed, assessing the status of in-progress reviews, analyzing findings to identify common themes or trends for training and development, documentation and reporting to key stakeholders specific to review closure activities.
\nAssist on various TPRM Projects as needed with minimal supervision required
\nComplexity and Impact of Work
\nManage and enhance Procedures related to the Third Party Findings Management process and support the standardization of findings management across regulated and non-regulated legal entities.
\nCreate and manage Procedures related to the Third Party Risk Management Quality Control process and support the implementation of Quality Control across regulated and non-regulated legal entities.
\nOrganizational Knowledge
\nCollaborate across the organization to understand business requirements in support of TPRM Program to include regulated and non-regulated legal entities in alignment with TPRM program evolution.
\nCommunication and Influence
\nIndependently create and consistently refine summaries, reports, and governance documentation associated with the Third Party Risk Management Program
\nIndependently and consistently refine summaries, reports and governance documentation to support Third Party Findings Management program evolution.
\nEffectively communicate with stakeholders such as Risk Subject Matter Experts (SMEs) and relevant Relationship Owners and Relationship Managers.
\nYou may be a fit for this role if you have:
\nRegulated Financial Institution experience Third Party Findings Management experience Information Security assessment experience TPRM Quality Control experience
\nAlthough not a requirement, bonus points if:
\nYou previously directly worked with Financial Service regulators to include Office of the Comptroller of the Currency (OCC), New York Department of Financial Services (NY DFS), Federal Financial Institutions Examination Council (FFIEC), Monetary Authority of Singapore (MAS), and other regulatory bodies
\nYou were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_7d12908d-085","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anchorage Digital","sameAs":"https://anchorage.com","logo":"https://logos.yubhub.co/anchorage.com.png"},"x-apply-url":"https://jobs.lever.co/anchorage/cc0ae37a-0c44-4574-8c4c-ddaa0edefc47","x-work-arrangement":"remote","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Third Party Risk Management","Financial Institution experience","Information Security assessment","TPRM Quality Control","Risk Management"],"x-skills-preferred":[],"datePosted":"2026-04-17T12:18:42.195Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"United States"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Finance","industry":"Finance","skills":"Third Party Risk Management, Financial Institution experience, Information Security assessment, TPRM Quality Control, Risk Management"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_f56e4b3a-ca5"},"title":"Third Party Risk Management (TPRM) Consultant - Principal","description":"Do you want to boost your career and collaborate with expert, talented colleagues to solve and deliver against our clients' most important challenges? We are growing and are looking for people to join our team. You'll be part of an entrepreneurial, high-growth environment of 300,000 employees. Our dynamic organization allows you to work across functional business pillars, contributing your ideas, experiences, diverse thinking, and a strong mindset. Are you ready?
\nWe are seeking an experienced Principal Third Party Risk Management (TPRM) Consultant to lead and shape our Third Party Risk and GRC services within the cyber security consultancy. This is a senior leadership role responsible for driving strategy, managing complex client engagements, and delivering enterprise-scale TPRM and GRC programmes across multiple industries. As a subject matter expert in Third Party Risk Management, Governance, Risk & Compliance (GRC) and vendor risk frameworks, you will design, implement, and operate robust third-party risk management frameworks that align with regulatory, security, and business requirements. You will act as a trusted advisor to clients, lead large transformation initiatives, manage teams, and ensure high-quality delivery of risk, compliance, and assurance services.
\nKey Responsibilities:
\n· TPRM Proposals & Strategy: Lead the development of TPRM and GRC proposals, defining scope, delivery models, governance structures, and operating models and design enterprise-level Third Party Risk Management strategies aligned with regulatory, operational, and cyber risk requirements.
\n· Client Engagement Leadership: Lead and manage complex client engagements in Third Party Risk Management, vendor risk, and GRC and act as engagement lead and trusted advisor for executive stakeholders (CISO, CRO, Risk, Compliance, Procurement, Legal). In addition to that ensure successful delivery of TPRM services including assessments, frameworks, tooling, and operationalisation.
\n· Security Assessment & Audit Leadership: Lead third-party security assessments, audits, and assurance activities and define assessment methodologies, risk scoring models, control frameworks, and reporting structures as well as oversee supplier due diligence, onboarding risk processes, and continuous monitoring programmes.
\n· Technical & Methodological Authority: Serve as subject matter expert for TPRM, GRC platforms, and vendor risk methodologies and provide leadership in the use of GRC and TPRM tooling (e.g. OneTrust, Archer, ServiceNow GRC, similar platforms).
\n· Project, Delivery & Programme Leadership: Act as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM initiatives and manage multi-stream delivery, dependencies, risks, and stakeholder alignment.
\n· Team Leadership & Management: Lead, mentor, and develop a team of consultants (up to 5 direct reports) and build high-performing delivery teams and ensure capability development in TPRM and GRC.
\n· Risk & Compliance Management: Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains and advise clients on risk treatment strategies, remediation plans, and control improvements.
\n· Continuous Improvement & Innovation: Drive continuous improvement in TPRM methodologies, delivery models, and service offerings and stay current with regulatory developments, emerging risks, and industry best practices in third-party risk and supply chain security.
\nRequirements
\nEssential Skills and Experience:
\n· Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at enterprise level.
\n· Strong background as Security Assessor, Auditor, and Risk Consultant.
\n· Proven experience leading TPRM, vendor risk, and supplier assurance programmes.
\n· Experience acting as Project Manager, Delivery Lead, and Programme Lead for complex engagements.
\n· Hands-on experience with GRC / TPRM platforms, ideally including OneTrust.
\n· Ability to design and implement third-party risk frameworks, policies, and governance models.
\n· Strong stakeholder management skills at executive and board level.
\n· Proven people management experience, including team leadership and mentoring.
\n· Ability to balance security, risk, compliance, and business enablement.
\nQualifications:
\n· Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related domains.
\n· CISA (Certified Information Systems Auditor) strongly preferred.
\n· Lead Auditor certification (e.g. ISO 27001 Lead Auditor) highly desirable.
\n· Additional certifications such as CISM, CRISC, CISSP are an advantage.
\n· Experience working across multiple industries (e.g. Financial Services, Healthcare, Critical Infrastructure, Government, Technology).
\n· Experience with regulatory-driven environments and compliance-led transformation programmes.
\n_Given that this is just a short snapshot of the role we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please_ _apply now._
\nBenefits
\nAbout Infosys Consulting
\nBe part of a globally renowned management consulting firm on the front-line of industry disruption and at the cutting edge of technology. We work with market leading brands across sectors. Our culture is inclusive and entrepreneurial. Being a mid-size consultancy within the scale of Infosys gives us the global reach to partner with our clients throughout their transformation journey.
\nOur core values, IC-LIFE, form a common code that helps us move forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page.
\nWithin Europe, we are recognized as one of the UK’s top firms by the Financial Times and Forbes due to our client innovations, our cultural diversity and dedicated training and career paths. Infosys is on the Germany’s top employers list for 2023. Management Consulting Magazine named us on their list of Best Firms to Work for. Furthermore, Infosys has been recognized by the Top Employers Institute, a global certification company, for its exceptional standards in employee conditions across Europe for five years in a row.
\nWe offer industry-leading compensation and benefits, along with top training and development opportunities so that you can grow your career and achieve your personal ambitions. Curious to learn more? We’d love to hear from you.... Apply today!
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_f56e4b3a-ca5","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Infosys Consulting - Europe","sameAs":"https://jobs.workable.com","logo":"https://logos.yubhub.co/view.com.png"},"x-apply-url":"https://jobs.workable.com/view/3AGuZh2zhvyMa3e9DNdg37/remote-third-party-risk-management-(tprm)-consultant---principal-in-poland-at-infosys-consulting---europe","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Third Party Risk Management","Governance, Risk & Compliance","Vendor Risk Management","Security Assessment","Audit Leadership","Project Management","Delivery Leadership","Programme Leadership","Team Leadership","Risk Management","Compliance Management","Continuous Improvement","Innovation"],"x-skills-preferred":["OneTrust","Archer","ServiceNow GRC","CISA","Lead Auditor certification","CISM","CRISC","CISSP"],"datePosted":"2026-03-09T16:51:45.581Z","jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Consulting","industry":"Technology","skills":"Third Party Risk Management, Governance, Risk & Compliance, Vendor Risk Management, Security Assessment, Audit Leadership, Project Management, Delivery Leadership, Programme Leadership, Team Leadership, Risk Management, Compliance Management, Continuous Improvement, Innovation, OneTrust, Archer, ServiceNow GRC, CISA, Lead Auditor certification, CISM, CRISC, CISSP"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_23a792a8-cc4"},"title":"Vendor Security Program Manager","description":"Job Posting
\nVendor Security Program Manager
\nLocation
\nSan Francisco; New York City; Seattle; Washington, DC
\nEmployment Type
\nFull time
\nLocation Type
\nHybrid
\nDepartment
\nSecurity
\nCompensation
\nThe base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.
\nMore details about our benefits are available to candidates during the hiring process.
\nThis role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.
\nAbout the Team
\nThe Vendor Security team sits at the core of our mission to ensure our technology benefits humanity safely and securely. We provide security assurances and robust compliance frameworks for our technology, people, and products. Our mission is to build trust with the world in our products and company. Our work is technical yet highly operational, strategically aligning with security and engineering teams to navigate and mitigate risks proactively. We prioritize impact, enable innovation, and foster a culture of continuous compliance and security awareness.
\nAbout the Role
\nAs a Program Manager within the Vendor Security team, you will play a crucial role in protecting our organisation against external risks posed by suppliers, vendors, partners, and hardware manufacturers. Your responsibilities will include conducting comprehensive security assessments, building a program to manage global supply chain and vendor risks, and driving security initiatives across all of our third-party relationships. You will be analytical, detail-oriented, and proactive, capable of translating complex security evaluations into clear, actionable strategies.
\nThe role is expected to operate with a strong point of view on risk. You will be responsible not only for identifying and documenting vendor and supply-chain risk, but for helping the company make informed trade-offs between speed, scale, and security. This role requires exceptional organisational skills, the ability to effectively communicate across different business functions, and a strong commitment to operational excellence in a dynamic environment.
\nThis role may be based out of one of our US offices (San Francisco, Seattle, NYC or DC.) We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.
\nIn this role, you will:
\nYou might thrive in this role if you have:
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_23a792a8-cc4","directApply":true,"hiringOrganization":{"@type":"Organization","name":"OpenAI","sameAs":"https://jobs.ashbyhq.com","logo":"https://logos.yubhub.co/openai.com.png"},"x-apply-url":"https://jobs.ashbyhq.com/openai/fb1e823e-cfcc-4293-8893-cc77e467c561","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$207K – $335K • Offers Equity","x-skills-required":["information security principles and controls","data protection","access management","proactive and reactive security measures","application security","third-party or supply chain security assessments","vendor management security program","security risk management","compliance frameworks","security awareness","operational excellence","project management","communication and interpersonal skills"],"x-skills-preferred":["cloud security","infrastructure security","threat intelligence","security analytics","incident response","security testing","penetration testing","security consulting","security training","security awareness training"],"datePosted":"2026-03-06T18:37:35.209Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco; New York City; Seattle; Washington, DC"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"information security principles and controls, data protection, access management, proactive and reactive security measures, application security, third-party or supply chain security assessments, vendor management security program, security risk management, compliance frameworks, security awareness, operational excellence, project management, communication and interpersonal skills, cloud security, infrastructure security, threat intelligence, security analytics, incident response, security testing, penetration testing, security consulting, security training, security awareness training","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":207000,"maxValue":335000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_a8e4cc8c-192"},"title":"Application Security Analyst","description":"The Senior AppSec Analyst will report to the Senior Manager of the Verification & Pentest team. This is a hybrid role, reporting to the EA office in Bucharest 3x per week.
\nWhat you'll do
\nYou search and analyze logs for Indicators of Compromise, create detections, and contribute to incident response investigations.
\nWhat you need
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_a8e4cc8c-192","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Electronic Arts","sameAs":"https://jobs.ea.com","logo":"https://logos.yubhub.co/jobs.ea.com.png"},"x-apply-url":"https://jobs.ea.com/en_US/careers/JobDetail/Application-Security-Analyst/212076","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["application security assessment","log analysis","detection creation","incident response"],"x-skills-preferred":["cloud architecture","networking","web frameworks","mobile architecture"],"datePosted":"2026-01-01T16:56:45.362Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Bucharest"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"application security assessment, log analysis, detection creation, incident response, cloud architecture, networking, web frameworks, mobile architecture"}]}