Groupon’s Information Security team is seeking an experienced Risk Analyst to help analyze Groupon’s risk environment relative to third parties and internal services, recommend measures to safeguard valuable information assets, and document key information and capabilities of third parties.
This involves an understanding of Groupon’s business requirements and a thorough understanding of regulatory requirements (such as GDPR, PCI) for both outsourced providers and internally developed solutions and how best to meet those requirements. The Analyst must possess a detailed knowledge of our operations, as well as vendor assessment expertise with the goal of determining whether the third-party entity has an acceptable information security program which aligns with Groupon’s cyber risk appetite.
The successful candidate will also be required to review and assess legal contracts as they pertain to the service provider’s security posture. The candidate should be able to understand legal terms and definitions and articulate potential security concerns to the Legal teams. The individual will also play a significant role in enhancing and implementing procedures to assess and risk rate the third-party information security program.
● Working directly with key business leaders to facilitate risk analysis, identifying acceptable levels of risk, and establishing roles and responsibilities for both service providers and internally developed solutions
● Maintaining and monitoring enterprise risk exception process to identify areas of non-compliance
● Assist in reviewing contracts, security addendums, policies, and data processing agreements and comment on potential concerns or issues
● Interact with internal and external partners as needed to provide guidance on implementing proper controls to mitigate any risk
● Work with Procurement and Legal during the initial review of third party service providers to ensure proper diligence is performed
● Advise the business on managing risk and review materials to identify and quantify third party exposures.
● Assessing cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) deployments
● Assist in the development of both third party due diligence policies and standards and internally developed solutions which set the vendor requirements based on risk.
● Review current risk data to determine exceptions, trends or other changes in risk relative to the firm’s risk appetite and escalate as deemed appropriate.
● Minimum of 5 years of experience in an IT Risk, Third Party Vendor Assessment or Information Security organization with an understanding of Audit, Security and Risk.
● Prior experience providing and negotiating information security provisions within third-party agreements.
● Strong understanding of security standards such as NIST and ISO
● Strong knowledge of PCI, SOX 404, GDPR, and other regulations/standards
● Maintain an understanding of security best practices such as encryption standards, networking security, cloud security, and web security, etc.
● Prior experience conducting information security due diligence of third-party suppliers
● Possesses ability to clearly summarize complex problems and tailor messaging for intended audiences.
● Actively engages with other departments and teams to ensure that activities achieve the appropriate result for information security
Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.