FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Senior Third Party Risk & Controls Specialist
HubSpotSenior Third Party Risk & Controls Specialist at HubSpot focusing on technical security assessments and integration security. Evaluating third-party applications and supporting identity management initiatives.
Posted 7/7/2026full-timeRemote • New York • 🇺🇸 United StatesSenior💰 $95,600 - $143,400 per yearWebsite
Core Competencies
Role fitCore Competencies
Use this summary to align your resume positioning with the role.
Demonstrates expertise in application security, vendor risk management, and cloud security, with a strong focus on API security, identity governance, and compliance with privacy standards. Capable of conducting thorough security assessments and providing actionable recommendations to mitigate risks in third-party applications and services.
Highest-signal resume keywords
Application SecurityVendor Risk ManagementAPI SecurityIdentity GovernanceSecurity Frameworks
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
API SecurityIAM PrinciplesNon-Human Identity ManagementSaaS ArchitecturesAccess Control ImplementationsOAuth 2.0SAMLGenerative AI SecuritySecurity AssessmentsRisk Management
Soft Skills
PrioritizationOrganizationTime ManagementProject ManagementCommunication
Tools & Technologies
Enterprise ToolingModel Context Protocol (MCP)Shadow IT Discovery
Certifications & Qualifications
CISSPCCSPCISMCRISC
Industry Keywords
NIST CSFISO 27001SOC 2GDPRCCPAHIPAA
Tech Stack
Tools & technologiesCloudGraphQL
About the role
Key responsibilities & impact- Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews
- Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions
- Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks
- Perform security reviews of Model Context Protocol (MCP) servers and implementations
- Review vendor security documentation, architecture diagrams, and technical controls
- Identify security gaps and provide risk-based recommendations and guardrails to stakeholders
- Collaborate with procurement, legal, and business teams on vendor onboarding and ongoing monitoring requirements.
- Support Shadow IT discovery and risk assessment initiatives using enterprise tooling
- Evaluate security risks associated with unsanctioned applications and browser extensions
- Assist with managing and reducing risk relating to non-human identity (NHI) including service accounts and API keys.
- Assess access control implementations across enterprise applications and also members of HubSpot’s global contractor base.
- Review OAuth grants, SAML configurations, and application integrations for security risks
- Support identity governance initiatives and access certification processes
- Collaborate and support the enterprise application management team on shared security initiatives
Requirements
What you’ll need- 5+ years of experience in application security, vendor risk management, cloud security, and/or related field
- Experience with security frameworks (NIST CSF, ISO 27001, SOC 2, etc.)
- Strong understanding of API security (REST, GraphQL, authentication/authorization)
- Strong understanding of IAM principles (RBAC, ABAC, least privilege) and modern authentication protocols (OAuth 2.0, SAML)
- Experience with non-human identity management (service accounts, API tokens, certificates)
- Understanding of SaaS architectures, access controls, and integration security
- Excellent prioritization, organization, and time management skills to suit a high-volume environment.
- Understanding of LLM and generative AI security challenges and the emerging threat landscape.
- Strong project management and communication skills to support a highly cross-functional work environment.
- Working knowledge of privacy and compliance standards (GDPR, CCPA, HIPAA)
- Background in technical due diligence or managing large-scale supplier security programs (preferred)
- Certifications such as CISSP, CCSP, CISM, or CRISC are a plus
Benefits
Comp & perks- Health insurance
- 401(k) matching
- Flexible working hours
- Paid time off
- Remote work options