Security Technical Program Manager
Vendor security is ripe for a complete overhaul both at Snap and in the Security field. At Snap we have a mature program that needs its next level of evolution and innovation. We all know the drill for assessing vendors, but are there better, faster, more effective ways of doing it? Can we get more security value or assurance out of the process? Can the experience be improved for all parties? We need a driven, technically security focused, sharp person who can work across many different and diverse teams to innovate our security vendor program.
Location: Santa Monica, Seattle, Mountain View.
What will you do?
Scale and Manage the current 3rd party security review program to keep pace with the fast growth of Snap, while figuring out how to mature and transform it.
Evaluate and adapt to the constantly evolving security risks of vendors and supply chain to Snap.
Collaborate with Legal, Privacy and Security teams to support Regulatory audits and enhance the entire vendor lifecycle
Develop and generate metrics to drive actionable insights into managing third party risk
In addition to the Vendor Security Program this role will manage the Snap Trust Center where we respond to partner enquiries
Responsible for driving regular external penetration testing engagements on Snap’s revenue generating platform
Minimum qualifications:
Bachelor's degree in computer science or a related technical field or equivalent experience.
8+ years of experience in security advisory space, technical program management or security solution delivery. Security experience is a must have.
Experience managing 3rd party risk evaluation platforms and knowledge of industry frameworks such as VASQ, SIG and CSA
Experience working with engineers, driving security programs that have had a proven impact.
Preferred qualifications:
Proven experience of running large programs within a security field.
Master's degree in computer science or a related technical field.
Exceptional verbal and written communication skills, with mastery in the ability to tailor the message to the audience.
Experience influencing teams and other cross-functional stakeholders to drive security programs.