Match Group is hiring a
Senior Security and Compliance Engineer

Summary

Join our team as a Security Engineer to develop third-party security review programs, collaborate with stakeholders, and implement program improvements. Work closely with the business to identify, assess, and document third-party relationships. Develop internal security policies, procedures, guidelines, and best practices.

Requirements

• Bachelor’s degree or U.S. equivalent in Computer Science, Network and Computer Security, Information Technology, or a related field
• 5 years of professional experience as Security Engineer, Security Compliance Analyst, or any occupation/position/job title involving IT security risk and compliance
• Experience in developing IT security risk and compliance guidelines and policies to support compliance programs in the technology industry
• Experience working with third-party industry frameworks (including VASQ, SIG, or CSA)
• Experience utilizing security frameworks (including SOC 2, PCI-DSS, or ISO27001)
• Experience with regulations governing outsourcing in technology data services, including personal information and privacy requirements
• Experience performing operational and technology risk management

Responsibilities

• Develop third-party security review program
• Collaborate with stakeholders to implement program improvements
• Work with Legal Operations and Vendor Management stakeholders to support continuous improvement of the entire vendor lifecycle
• Work closely with the business to identify, assess, and document third-party relationships
• Regularly review vendors and critical outsourcing arrangements
• Collaborate to devise an integrated strategy and deliverables for the company’s third-party risk roadmap
• Own the implementation of robust third-party controls and monitor arrangements on an ongoing basis
• Develop and maintain internal security policies, procedures, guidelines, and best practices
• Communicate internal security policies to stakeholders
• Work across all brands to address the latest challenges and ensure systems and users are secure
• Coordinate controls testing and compliance obligations for a decentralized environment to support corporate security
• Assess security risk for large scale organizations
• Design internal controls utilizing experience in cloud services organizations
• Perform recurring internal security audits to improve the company’s overall security posture
• Identify and assess Information Technology (IT) risks
• Recommend mitigating controls utilizing security knowledge across common industry security standards
• Participate in the development and oversight of required corrective action plans relating to security and compliance issues