Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
HubSpot

Senior Third Party Risk & Controls Specialist

HubSpot

Senior Third Party Risk & Controls Specialist at HubSpot focusing on technical security assessments and integration security. Evaluating third-party applications and supporting identity management initiatives.

Posted 7/7/2026full-timeRemote • New York • 🇺🇸 United StatesSenior💰 $95,600 - $143,400 per yearWebsite

Tech Stack

Tools & technologies
CloudGraphQL

About the role

Key responsibilities & impact
  • Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews
  • Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions
  • Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks
  • Perform security reviews of Model Context Protocol (MCP) servers and implementations
  • Review vendor security documentation, architecture diagrams, and technical controls
  • Identify security gaps and provide risk-based recommendations and guardrails to stakeholders
  • Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements.
  • Support Shadow IT discovery and risk assessment initiatives using enterprise tooling
  • Evaluate security risks associated with unsanctioned applications and browser extensions
  • Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys.
  • Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base.
  • Review OAuth grants, SAML configurations, and application integrations for security risks
  • Support identity governance initiatives and access certification processes
  • Collaborate and support the enterprise application management team on shared security initiatives

Requirements

What you’ll need
  • 5+ years of experience in application security, vendor risk management, cloud security, and/or related field
  • Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.)
  • Strong understanding of API security (REST, GraphQL, authentication/authorization)
  • Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML)
  • Experience with non-human identity management (service accounts, API tokens, certificates)
  • Understanding of SaaS architectures, access controls, and integration security
  • Excellent prioritization, organization, and time management skills to suit a high-volume environment.
  • Understanding of LLM and generative AI security challenges and the emerging threat landscape.
  • Strong project management and communication skills to support a highly cross-functional work environment.
  • Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA)
  • Background in technical due diligence or managing large-scale supplier security programs (preferred)
  • Certifications such as CISSP, CCSP, CISM, or CRISC are a plus

Benefits

Comp & perks
  • Health insurance
  • 401(k) matching
  • Flexible working hours
  • Paid time off
  • Remote work options

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
API SecurityIAM PrinciplesNon-Human Identity ManagementSaaS ArchitecturesAccess Control ImplementationsOAuth 2.0SAMLGenerative AI SecuritySecurity AssessmentsRisk Management
Soft Skills
PrioritizationOrganizationTime ManagementProject ManagementCommunication
Certifications
CISSPCCSPCISMCRISC