
Lead Third Party Risk & Controls Specialist
HubSpot
full-time
Location Type: Remote
Location: Remote • 🇺🇸 United States
Salary
💰 $115,400 - $184,600 per year
Job Level
Senior
Tech Stack
Cloud, GraphQL
About the role
- Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews
- Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions
- Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks
- Perform security reviews of Model Context Protocol (MCP) servers and implementations
- Review vendor security documentation, architecture diagrams, and technical controls
- Identify security gaps and provide risk-based recommendations and guardrails to stakeholders
- Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements
- Support Shadow IT discovery and risk assessment initiatives using enterprise tooling
- Evaluate security risks associated with unsanctioned applications and browser extensions
- Assist with managing and reducing risk relating to non-human identities (NHI), including service accounts and API keys
- Assess access control implementations across enterprise applications and for members of HubSpot’s global contractor base
- Review OAuth grants, SAML configurations, and application integrations for security risks
- Support identity governance initiatives and access certification processes
- Collaborate and support the enterprise application management team on shared security initiatives
Requirements
- 5+ years of experience in application security, vendor risk management, cloud security, and/or related field
- Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.)
- Strong understanding of API security (REST, GraphQL, authentication/authorization)
- Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML)
- Experience with non-human identity management (service accounts, API tokens, certificates)
- Understanding of SaaS architectures, access controls, and integration security
- Understanding of LLM and generative AI security challenges and the emerging threat landscape
- Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA)
- Background in technical due diligence or managing large-scale supplier security programs (preferred)
- Certifications such as CISSP, CCSP, CISM, or CRISC are a plus
Benefits
- cash compensation base salary
- annual bonus targets under HubSpot’s bonus plan for eligible roles
- participation in HubSpot’s equity plan to receive restricted stock units (RSUs)
- potential eligibility for overtime pay
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
application security, vendor risk management, cloud security, API security, IAM principles, non-human identity management, SaaS architectures, access controls, privacy standards, compliance standards
Soft skills
collaboration, risk assessment, stakeholder communication, recommendation development
Certifications
CISSP, CCSP, CISM, CRISC