Vendor Privacy and Data Security Analyst
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.
Facebook is seeking a Vendor Privacy and Data Security Analyst to join the People Operations team. This position will be responsible for understanding and executing third party reviews as part of Facebook's Third Party Risk Security Program in partnership with our Information Security team. The Vendor Privacy and Data Security Analyst will be someone that has a passion for evaluating security risk posed by vendor relationships along with internal Facebook processes and technologies while empowering Facebook's culture of rapid innovation and helping demonstrate Facebook's dedication to security to the world. An ideal candidate is someone that has a passion for deepening their technical knowledge of the broad aspects of information security, not just checking the box, while working for a company that provides products and services to over a billion users. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn. This role is located in Austin, TX.
- Help demonstrate Facebook's commitment to security to internal and external stakeholders
- Identify, track, report and resolve security and risk gaps with vendors at FB
- Complete security reviews of third parties doing business with Facebook's People@ (Human Resources suppliers and partners)
- Understand technical implementation details necessary to identify and assess security risks with third parties and recommend mitigating controls
- Participate in the development and oversight of required corrective action plans relating to security risk issues specific to security reviews completed
- Understand business process and requirements relative to the specific vendor security reviews
- Drive yearly site visit timeline and approach for People@ vendors
- Create repeatable and measurable audit methodology that allows Year over Year comparisons of vendor security postures
- Coordinate with cross-functional partners to drive consistency in approach to risk identification and remediation
- Work with partners to drive remediation items to completion
- Continuous gap analysis on vendors, security best practices and policies for People@
- Partner with Security Compliance team and Third Party Risk team to ensure People@ aligns with Facebook best practices
- 5+ years of proven experience working on Information Security teams or projects
- Experience assessing Information Security risk
- Program and project management experience
- Experience with developing security reporting for a variety of audiences including internal stakeholders and external third parties
- Demonstrated experience and knowledge of key global privacy regulations
- Knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, physical security, etc.
- Knowledge of processes for risk evaluation and assessing third parties across industries and against security requirements
- Experience with tools and processes leveraged to evaluate third party risk
- Bachelors in business and technology or equivalent experience
- Experience completing vendor security risk reviews and technical risk assessments
Meet Some of Facebook's Employees
Global Marketing Lead, Facebook Blueprint
As the marketing lead for Facebook’s Blueprint program, Lauren focuses on building awareness around the program and the adoption of education and training by businesses and advertisers.
Back to top