Security Analyst

San Francisco Information Security Full-time

Blend makes the process of getting a loan simpler, faster, and safer. With its digital lending platform, Blend helps financial institutions including Wells Fargo and U.S. Bank increase productivity and deliver exceptional customer experiences. The company processes nearly $2 billion in loans daily, helping millions of consumers gain access to the capital they need to lead better lives.

As a Security Analyst, you’ll focus on our new business partnerships and third-party risk at Blend. You’ll collaborate with peers across departments to build out the structure for a scalable third party risk management system. This means that you’ll exercise your problem solving skills to answer tough questions about risk tolerance and figure out right approaches to mitigating partnership risk.

Additionally, you will enable the business to move into new areas of focus by providing broad-ranging security guidance to our Product and Engineering teams. We’ll lean on you to give the Security team a clear outlook on how much risk we are exposed to outside the bounds of the company, and you’ll help communicate that message to leadership. Our responsibility is to keep a finger on the pulse of Blend security, and your role is essential for ensuring that we can do that effectively!

How you'll contribute:

  • Own the pipeline for new partnerships and vendor risk assessments at Blend
  • Review agreements with third parties, and flag obligations or missing provisions that could expose the company to more risk
  • Develop new approaches to quantify risk, and make recommendations on how and when to address risk while supporting business initiatives
  • Drive improvements to the third-party risk management program, and build up a methodology for asking tough questions to our partners in the fintech space
  • Identify opportunities for automation, and help spec out efficient solutions for improving security controls that currently require manual effort to maintain
  • Keep key security collateral up-to-date, draft procedural documentation, perform deep dive assessments, and stay up-to-date with new business opportunities so that the team is prepared to adapt to changes to our risk landscape

Who you are:

  • Experience running due diligence assessments with third-parties (either as the assessor or the third party being assessed)
  • Strong working knowledge of SOC, PCI, NIST, and other relevant security frameworks
  • Demonstrated ability to apply rigorous tests to key security controls at an arm's length, in order to identify potential weaknesses in partner security programs
  • Exposure to cloud-based technologies such as AWS, Hashicorp, and Kubernetes
  • Strong time management skills and the ability to prioritize among multiple projects

Bonus Points!

  • BA/BS degree in relevant field preferred (e.g., Information Systems, Computer Science)
  • 2+ years of information security experience implementing and leading security controls and policies
  • Security industry certifications (CISA, CISSP, Security+, SSCP, etc.)
  • Exposure to governance frameworks such as COBIT, NIST, ITIL, ISO, FISMA, FedRAMP, HIPAA or HITRUST
  • Working proficiency in Python, Javascript, Go, or other programming languages

Benefits and Perks:

  • Meaningful equity and a 401(k) plan
  • Comprehensive health benefits
  • Sponsored gym memberships, ClassPass credits, or wellness stipend.
  • Lunch, dinner, snacks, and Pizza Fridays
  • On-site meditation, yoga, and massages
  • Flexible work schedule, with open vacation policy
  • 4 months of paid parental or personal leave
  • Convenient location, with parking programs, and flexible commuter options



Blend is an equal opportunity employer that values diversity, inclusion and belonging. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity or expression, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law. We will consider for employment all qualified applicants with arrest and conviction records in a manner consistent with applicable law, including the San Francisco Fair Chance Ordinance.

Related Openings

Not what you were looking for? Check out our careers page, or get in touch.