Information Security Analyst

Our Company

Changing the world through digital experiences is what Adobe's all about. We give everyone-from emerging artists to global brands-everything they need to design and deliver exceptional digital experiences! We're passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen.

We're on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours!

The Opportunity:

As an Information Security Analyst, with focus on vendor security risk management, you will be joining Adobe's vendor security risk management team responsible for performing vendor security reviews; monitor and respond to vendor security risk throughout vendor's lifecycle.

We are looking for a passionate risk professional with deep knowledge about technical security controls, security regulations, experience with metrics reporting and data analysis, and experience with security monitoring platforms.

What You'll Do:

• Work directly with business and technology partners, vendors, and legal to assess vendor security issues and risks, prioritize risk mitigation activities and guide the business to make risk-based decisions.

• Communicate to business units and cross-functional teams regarding significant third-party information security risks and escalate to senior management, when applicable

• Evaluate information security program maturity, security controls, and security documentation for Adobe's strategic vendors

• Review contracts, project documentation, system design documents, vendor security policies and other vendor security references (i.e. SOC II type 2, SIG, AUP, PCI ROC, BitSight, etc.) to determine the extent, type, and scope of risks of the vendor relationship.

• Support legal team with negotiation around Information security contract requirements

• Collaborate with cross-functional departments within Security, Procurement, Legal on process improvements and workflow integrations to provide improved customer experience

• Analyze data, develop metrics and dashboard (on powerBI, JIRA or similar), for executive reporting.

• Benchmark the program against the industry standards for third-party risk managment to propose, drive and implement improvements.

• Research and collaborate with other security teams on emerging technologies and security associated with them to enhance vendor security processes.

• Develop continuous vendor monitoring capability by implementing BitSight or similar technology.

• Develop automation or enhancements to improve program efficiency.

Required Skill to be Successful:

• Bachelor's Degree in computer science (or similar)

• At least 5 years of experience in security specially in vendor security reviews and risk management area

• Knowledge of third-party risk management concepts or solid understanding of IT general control and information security principles.

• Understanding of industry-recognized compliance/risk frameworks such as NIST (National Institute of Standards and Technology) 800-53, NIST Cybersecurity Framework (CSF) and ISO (Independent System Operators) 27001.

• Familiarity with vendor security questionnaires (e.g., Standardized Information Gathering ("SIG") or other templates for third party assessments.

• Understanding of emerging technologies and security associated with them.

• Scripting or development experience to enable team automations.

• Security related certifications, CISSP desired.

• Experience with developing dashboards in powerBI and other reporting technologies.

• Few years of hands-on experience on vendor security monitoring technology like BitSight, is preferred.

Our compensation reflects the cost of labor across several  U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $101,300 -- $229,300 annually. Pay within this range varies by work location and may also depend on job-related knowledge, skills, and experience. Your recruiter can share more about the specific salary range for the job location during the hiring process.

At Adobe, for sales roles starting salaries are expressed as total target compensation (TTC = base + commission), and short-term incentives are in the form of sales commission plans. Non-sales roles starting salaries are expressed as base salary and short-term incentives are in the form of the Annual Incentive Plan (AIP).

In addition, certain roles may be eligible for long-term incentives in the form of a new hire equity award.

Adobe is proud to be an Equal Employment Opportunity and affirmative action employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law. Learn more.

Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call (408) 536-3015.

Adobe values a free and open marketplace for all employees and has policies in place to ensure that we do not enter into illegal agreements with other companies to not recruit or hire each other's employees.