Security Engineer II - Security Risk Engineering

We are looking for a Senior Security Engineer focused on security risk engineering to help mature and expand our existing program. You will report to the third party risk management (TPRM) manager and your primary goal will be continuously evolving our TPRM program through automation and technology.

While the core objective is to level up our TPRM program, you will also contribute to build out our foundation in security risk engineering at Riot. Riot is an adaptive, global organization that leverages both existing and emerging technologies, internal talents and external partners to provide quality content to hundreds millions of players around the world. Thus, Riot’s profile and unique attack surface bring complex challenges for the team to effectively manage security, privacy, regulatory and reputational risk from an engineering perspective. You would have a broad technical background across a wide range of security disciplines, expertise in risk engineering, automation and have excellent reporting, writing, communication, and customer interface skills.

• Conduct risk assessments on wide range of critical suppliers, external technologies, and system integrations
• Provide practical, technical and/or administrative security recommendations for secure engagements and implementations 
• Support supplier lifecycle management programs and initiatives as a technical security SME 
• Partner with key stakeholders to mature the TPRM process through system integration and automation 
• Contribute to our remote secure access strategy by implementing and optimizing secure access solutions for vendor workers and contractors
• Contribute to our continuous monitoring program on critical third-party infrastructure by implementing monitoring solutions and exploring synergies among existing toolsets
• Contribute to our security risk engineering foundation by implementing automated tests on critical infrastructure and controls, optimizing risk remediation and producing effective, centralized risk reporting
• Maintain and improve existing automations and integrations for security systems and platforms

• Ability to communicate technical concepts to non-technical audiences
• Experience in designing and implementing secure, automated TPRM controls and lifecycle management process including vendor onboarding, monitoring, offboarding, and issue management
• Experience in implementing industry standard security frameworks and best practices at scale
• Experience in implementing security engineering tooling that enables automated control validation
• Experience in implementing system integrations between different security and IT systems to drive automation and security risk reduction 
• Experience in reviewing the security posture across a wide -range of third- party service providers, technologies, and system integrations
• 3~5 years of experience in Information Security Engineering roles
• 3~5 years of experience in Security Risk Management roles
• Proficiency in at least one programming/scripting language (Python, Go, PowerShell, etc.)
• Hands-on knowledge of cloud platforms (e.g., AWS, GCP, Azure) and their security models
• Experience with automation tooling (e.g., Terraform, workflow automation platforms)

• Working knowledge of access control and identity management systems (IAM)
• Working knowledge of cloud security and open source security
• Background in securing AI workflows and tools
• Strong ability to drive risk reporting through quantification, and data visualization
• CISSP, CISA, CRISC, or similar certifications
• Experience with GRC platforms (OneTrust, ProcessUnity, Archer, or similar)

For this role, you'll find success through craft expertise, a collaborative spirit, and decision-making that prioritizes your fellow Rioters, who are the customers of your work. Being a dedicated fan of games is not necessary for this position!

Riot focuses on work/life balance, shown by our open paid time off policy and other perks such as flexible work schedules. We offer medical, dental, and life insurance, parental leave for you, your spouse/domestic partner, and children, and a 401k with company match. Check out our benefits pages for more information.

At Riot Games, we put players first. That mission drives every decision in our quest to create games and experiences that make it better to be a player. Whether you’re working directly on a new player-facing experience or you’re supporting the company as a whole, everyone at Riot is part of our mission. And just like in our games, we’re better when we work together. Our goal is to create collaborative teams where you are empowered to bring your unique perspective everyday. If that sounds like the kind of place you want to work, we’re looking forward to your application.

It’s our policy to provide equal employment opportunity for all applicants and members of Riot Games, Inc. Riot Games makes reasonable accommodations for handicapped and disabled Rioters and does not unlawfully discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, handicap, veteran status, marital status, criminal history, or any other category protected by applicable federal and state law. We consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with applicable federal, state and local law, including the California Fair Chance Act, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, the San Francisco Fair Chance Ordinance, and the Washington Fair Chance Act.

Per the Los Angeles County Fair Chance Ordinance, the following core duties may create a basis for disqualifying candidates with relevant criminal histories:

• Safeguarding confidential and sensitive Company data
• Communication with others, including Rioters and third parties such as vendors, and/or players, including minors
• Accessing Company assets, secure digital systems, and networks
• Ensuring a safe interactive environment for players and other Rioters

These duties are directly related to essential operations, safety, trust, and compliance obligations within our organization. Please note that job duties may evolve based on business needs and additional responsibilities may be assigned as necessary to maintain operational efficiency and security.