About Pinterest:
Millions of people around the world come to our platform to find creative ideas, dream about new possibilities and plan for memories that will last a lifetime. At Pinterest, we’re on a mission to bring everyone the inspiration to create a life they love, and that starts with the people behind the product.
Discover a career where you ignite innovation for millions, transform passion into growth opportunities, celebrate each other’s unique experiences and embrace the flexibility to do your best work. Creating a career you love? It’s Possible.
Pinterest’s Security team (Pinfosec) is seeking an experienced program manager to drive vendor and third-party security initiatives to keep our users, employees, and infrastructure safe from third-party risk. You will have the opportunity to lead and improve our vendor security program and provide meaningful impact in minimizing risk for Pinterest. You’re passionate about security innovation, and able to vet third-party solutions while minimizing employee friction and maximizing productivity.
What you’ll do:
- Perform vendor security assessments in order to minimize risk from third-party services
- Maintain and improve vendor security program while working closely with Security, Legal, IT and other internal stakeholders
- Ensure vendor security issues are identified, communicated, and remediated to an acceptable level of risk
- Interface with other teams and take a leadership role in driving vendor security initiatives
- Manage a team of contractors to deliver the vendor security assessments and have oversight over their Security assessment work
- Conduct periodic reviews of the Vendor Security program to identify areas for improvement and automation and help ensure alignment with key business risks, regulatory requirements, and industry frameworks; revise program documentation as required and communicate program changes to key stakeholders to achieve buy-in
- Drive accurate program metrics through timely updates and thorough documentation of each completed assessment and coaching team members on the same
- Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements
What we’re looking for:
- 5+ years experience performing vendor security risk analysis for new and existing vendors
- 3+ years of experience managing an effective Vendor Security program
- Experience designing, managing, and building security programs and best practices
- Familiarity with compliance frameworks (e.g. PCI, GDPR, SOC2, ISO27001)
- Good understanding of various security domains
- Strong sense of ownership and comfortable with autonomy and ambiguity
- Great communicator who is comfortable leading meetings and audit type interviews with vendors
- Bachelors level degree in Computer Science or cognitive discipline, or equivalent cyber security industry experience.
In-Office Requirement Statement:
- We let the type of work you do guide the collaboration style. That means we're not always working in an office, but we continue to gather for key moments of collaboration and connection.
- This role will need to be in the office for in-person collaboration 1-2 times every 6-months, and therefore can be situated anywhere in the country.
Relocation Statement:
- This position is not eligible for relocation assistance. Visit our PinFlex page to learn more about our working model.
#LI-HYBRID
#LI-AH2
At Pinterest we believe the workplace should be equitable, inclusive, and inspiring for every employee. In an effort to provide greater transparency, we are sharing the base salary range for this position. The position is also eligible for equity. Final salary is based on a number of factors including location, travel, relevant prior experience, or particular skills and expertise.
Information regarding the culture at Pinterest and benefits available for this position can be found here.
Our Commitment to Inclusion: