FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Senior Third Party Risk & Controls Specialist
HubSpotSenior Third Party Risk & Controls Specialist at HubSpot focusing on technical security assessments and integration security. Evaluating third-party applications and supporting identity management initiatives.
Posted 7/7/2026full-timeRemote • New York • 🇺🇸 United StatesSenior💰 $95,600 - $143,400 per yearWebsite
Tech Stack
Tools & technologiesCloudGraphQL
About the role
Key responsibilities & impact- Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews
- Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions
- Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks
- Perform security reviews of Model Context Protocol (MCP) servers and implementations
- Review vendor security documentation, architecture diagrams, and technical controls
- Identify security gaps and provide risk-based recommendations and guardrails to stakeholders
- Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements.
- Support Shadow IT discovery and risk assessment initiatives using enterprise tooling
- Evaluate security risks associated with unsanctioned applications and browser extensions
- Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys.
- Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base.
- Review OAuth grants, SAML configurations, and application integrations for security risks
- Support identity governance initiatives and access certification processes
- Collaborate and support the enterprise application management team on shared security initiatives
Requirements
What you’ll need- 5+ years of experience in application security, vendor risk management, cloud security, and/or related field
- Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.)
- Strong understanding of API security (REST, GraphQL, authentication/authorization)
- Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML)
- Experience with non-human identity management (service accounts, API tokens, certificates)
- Understanding of SaaS architectures, access controls, and integration security
- Excellent prioritization, organization, and time management skills to suit a high-volume environment.
- Understanding of LLM and generative AI security challenges and the emerging threat landscape.
- Strong project management and communication skills to support a highly cross-functional work environment.
- Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA)
- Background in technical due diligence or managing large-scale supplier security programs (preferred)
- Certifications such as CISSP, CCSP, CISM, or CRISC are a plus
Benefits
Comp & perks- Health insurance
- 401(k) matching
- Flexible working hours
- Paid time off
- Remote work options
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
API SecurityIAM PrinciplesNon-Human Identity ManagementSaaS ArchitecturesAccess Control ImplementationsOAuth 2.0SAMLGenerative AI SecuritySecurity AssessmentsRisk Management
Soft Skills
PrioritizationOrganizationTime ManagementProject ManagementCommunication
Certifications
CISSPCCSPCISMCRISC