Security Program Manager 3rd Party Risk

Joining a leading fintech company that's democratizing finance for all.

Robinhood is democratizing finance for all. With customers at the heart of our decisions, Robinhood is lowering barriers, removing fees, and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.

Robinhood is a fast-growing company and was recognized as a CNBC Disruptor 50 and a LinkedIn Top Startup in 2019. We're continuing to grow and are looking for incredible talent that can help us achieve our mission.

Robinhood is headquartered in Menlo Park, California, with offices in Lake Mary, FL; Denver, CO; Seattle, WA; New York, NY; Dallas, TX; Tempe, AZ; Charlotte, NC; and London, UK.

This position will preferably be located in Seattle or Menlo Park.

About the team:

Robinhood is looking for seasoned program managers for our Third Party (3P Review program. This program is part of the Cyber Risk and Compliance (CRC) program under Information Security. You will work very closely with the Head of CRC to define and implement a scalable third-party security review and risk management function. You will own project plans and playbooks for one or more types of 3P reviews, including vendors, acquisitions, and security-related regulatory assessments. The right candidate may be asked to take a management role within this function, but the role is currently an individual contributor.

You will take responsibility for further developing our risk assessment instruments. You will identify opportunities for automation and propose and justify technologies to implement the automation. You will also define the process, timelines, and service level objectives for 3P assessments and establish uniform expectations for the timeliness, accuracy, and outcome of these assessments.

You will coordinate the assessments with stakeholders across Robinhood and ensure the assessment is as streamlined as possible and minimize the amount of duplication across functions. When necessary, you will be identifying necessary deep dives and develop a custom plan for performing those deep dives to ensure the output of the assessment matches expectations. As these deep dives may be conducted on site, you may be required to travel occasionally to fulfill the role. In addition, you may be required to travel on occasion between Robinhood offices.

In addition to the 3p assessments, you will participate in, and possibly lead, the Robinhood's annual top-down risk assessment. This requires working with senior engineers and engineering managers across the company and requires a familiarity with security as well as general engineering practices and terminology, in addition to standard risk management practices.

The ideal candidate will thrive on working cross-functionally, building trust and great working relationships across a number of functions. Experience as a program manager or technical program manager within a security, privacy, or risk management function is a very important qualification for this role.

What you'll do day-to-day:

• Building out and streamlining the process and instruments used for 3P assessments.
• Creating and implementing a prioritization system for third party reviews.
• Conducting assessments, including assigning questions and analyzing the answers.
• Create, track, and report back on action items from assessments.
• Write brief reports from assessments.
• Participate in risk assessments and work collaboratively on producing follow-up documentation.
• Work with the Policy Program to build security policies and standards that define the framework for 3P assessments.
• Produce regular reporting for Security Leadership and other stakeholders. ● Manage technologies used to support the program.
• Create a plan for continually improving on the program and expanding our assessment capabilities.

About you:

• Bachelor's degree or equivalent experience in Computer Science, Engineering, Information Systems, or related fields.
• 5+ years of experience in technical job roles of which at least five is program and project management.
• Experience writing clear concise technical documentation.
• Experience building and/or operating complex cross-functional programs.
• Experience in one or more security disciplines, such as those in the Common Body of Knowledge.
• Familiarity with GDPR, CCPA, or similar regulatory requirements.

Bonus points:

• Advanced degree in a related field
• 5+ years of experience in a security and/or risk management organization.
• Familiarity with Process Unity, TerraTrue, Ironclad, and/or Jira.
• Experience in a highly regulated environment and/or public companies.
• Experience with FINRA, NYDFS Part 500
• CISSP, CISM, ISSMP, or similar certification

Feeling ready to give 100% to democratizing finance for all? We'd love to have you apply, even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, not just those who simply check off all the boxes.

Robinhood promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review Robinhood's Privacy Policy please visit rbnhd.co/applicant-privacy.

Robinhood's benefits include generous time off, 401(k) participation with employer match, comprehensive health coverage, a health savings account (HSA), wellness benefits, backup childcare and education stipends (all benefits are subject to applicable taxes and based on eligibility).