Groupon’s Information Security team is seeking an experienced Security Risk Analyst to assist in analyzing Groupon’s risk environment relative to third parties and internal services and assisting in recommending measures to safeguard valuable information assets and document key information and capabilities of third parties. The position is responsible for executing a portion of the Cybersecurity program designed to advise the organization on its management of third-party cybersecurity risk.

This involves an understanding of Groupon’s business requirements and a thorough understanding of regulatory requirements (such as GDPR,PCI) for both outsourced providers and internally developed solutions and how best to meet those requirements. The Analyst will develop strong partnerships with internal business partners and external vendors to ensure customer, employee, and company information is protected at the appropriate level.

The successful candidate will also be required to review and assess legal contracts as it pertains to the service providers security posture. The candidate should be able to understand legal terms and definitions and articulate potential security concerns to the Legal teams. The individual will also play a significant role in enhancing and implementing procedures to assess and risk rate the third-party information security program.
 

Professional Skills & Responsibilities

•  Perform information security due diligence on third party vendors to determine the effectiveness of their controls to protect the Company’s data, identify any discrepancies and escalate all issues to management.

• Review completed SIG questionnaires based on vendor risk and evaluate responses received from security questionnaires that align with ISO and NIST standards

• Assisting in the risk and compliance program’s design, process re-engineering or enhancements and tool and technology implementations as applicable

• Working directly with key business leaders to facilitate risk analysis and risk management processes, identifying acceptable levels of risk and establish roles and responsibilities with regards to risk management for both service providers and internal solutions

• Assist in reviewing contracts, security addendums, and data processing agreements and comment on potential concerns or issues

• Work with Procurement and Legal during the initial review of third party service providers to ensure proper diligence is performed

• Assist in the development of third party due diligence policies and standards which set the vendor requirements based on risk.

• Review current risk data to determine exceptions, trends or other changes in risk relative to the firm’s risk appetite and escalate as deemed appropriate.

• Maintain knowledge of the latest active security threats in order to understand current risks and articulate those risk to the business and vendor 

Qualifications:

• 3+ years of experience in an IT Risk, Third Party Vendor Assessment or Information Security organization with an understanding of Audit, Security and Risk.

• Working knowledge of core security concepts such as encryption, DLP, networking security, cloud security, and web security, SAML, Oauth, etc.

• Strong knowledge of PCI, SOX 404, GDPR, and other regulations/standards

• Prior experience providing and negotiating information security provisions within third-party agreements.

• Prior experience conducting information security due diligence of third-party suppliers

• Proven analytical problem-solving skills with a demonstrated ability to research problems and proactively suggest ways to better a process

• Highly motivated with demonstrated experience managing multiple projects in a fast-paced, deadline-oriented work environment

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.