Blend makes the process of getting a loan simpler, faster, and safer. With its digital lending platform, Blend helps financial institutions including Wells Fargo and U.S. Bank increase productivity and deliver exceptional customer experiences. The company processes nearly $2 billion in loans daily, helping millions of consumers gain access to the capital they need to lead better lives.
As a Security Analyst, you’ll focus on our new business partnerships and third-party risk at Blend. You’ll collaborate with peers across departments to build out the structure for a scalable third-party risk management system. This means that you’ll exercise your problem-solving skills to answer tough questions about risk tolerance and figure out the right approaches to mitigating partnership risk.
Additionally, you will enable the business to move into new areas of focus by providing broad-ranging security guidance to our Product and Engineering teams. We’ll lean on you to give the Security team a clear outlook on how much risk we are exposed to outside the bounds of the company, and you’ll help communicate that message to leadership. Our responsibility is to keep a finger on the pulse of Blend security, and your role is essential for ensuring that we can do that effectively!
How you'll contribute:
- Own the pipeline for new partnerships and vendor risk assessments at Blend
- Review agreements with third parties, and flag obligations or missing provisions that could expose the company to more risk
- Develop new approaches to quantify risk, and make recommendations on how and when to address risk while supporting business initiatives
- Drive improvements to the third-party risk management program, and build up a methodology for asking tough questions to our partners in the fintech space
- Identify opportunities for automation, and help spec out efficient solutions for improving security controls that currently require manual effort to maintain
- Keep key security collateral up-to-date, draft procedural documentation, perform deep dive assessments, and stay up-to-date with new business opportunities so that the team is prepared to adapt to changes to our risk landscape
Who you are:
- Experience running due diligence assessments with third parties (either as the assessor or the third party being assessed)
- Strong working knowledge of SOC, PCI, NIST, and other relevant security frameworks
- Demonstrated ability to apply rigorous tests to key security controls at arm's length, in order to identify potential weaknesses in partner security programs
- Exposure to cloud-based technologies such as AWS, HashiCorp, and Kubernetes
- Strong time management skills and the ability to prioritize among multiple projects
- BA/BS degree in relevant field preferred (e.g., Information Systems, Computer Science)
- 2+ years of information security experience implementing and leading security controls and policies
- Security industry certifications (CISA, CISSP, Security+, SSCP, etc.)
- Exposure to governance frameworks such as COBIT, NIST, ITIL, ISO, FISMA, FedRAMP, HIPAA or HITRUST
Benefits and Perks:
- Meaningful equity and a 401(k) plan
- Comprehensive health benefits
- Sponsored gym memberships, ClassPass credits, or wellness stipend
- Lunch, dinner, snacks, and Pizza Fridays
- On-site meditation, yoga, and massages
- Flexible work schedule, with open vacation policy
- 4 months of paid parental or personal leave
- Convenient location, with parking programs, and flexible commuter options