Security Analyst Ii – Third Party Risk Management

At Playlist, life's richest moments happen when people step away from screens to move, connect, explore, and play.

We're building the definitive platform for intentional living, connecting people with inspiring experiences in fitness, wellness, and beyond.

With popular brands like Mindbody and ClassPass, Playlist empowers businesses and individuals, making it effortless for aspirations to become actions.

Join us in reshaping technology's role to foster meaningful, real-world connections.

We are a dedicated team of security and information technology professionals focused on evolving Playlist's security posture.

Our collective goal is to protect the future, fostering increased opportunities for wellness businesses worldwide to empower their customers in leading secure and healthy lives.

Committed to a higher purpose, we continuously challenge ourselves and our organization to excel, understanding the strength derived from collaborative efforts towards a common objective.

We are advocates for a diverse workplace, fostering an environment where individuals can bring their authentic selves to contribute to our shared success.

At the heart of our achievements lies the belief in the value of our people.

If you share our passion and vision, consider joining our team, and let's explore the remarkable feats we can achieve together!

The Security Risk Analyst II will serve as trusted advisor for Playlist's business stakeholders.

This role is part of the Governance, Risk and Compliance team which is responsible for managing risks across the organization.

You will be responsible for identifying, assessing, and mitigating risks related to third-party relationships and services.

The role requires an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus is required.

This role also works closely with internal business customers to ensure existing and potential customers are provided accurate security posture information through timely questionnaire responses and content provided in our customer trust center.

Manage third party risk management queues to include onboarding, periodic assessments, offboarding and due diligence requests to ensure appropriate actions are taken to engage or disengage third parties.

Perform periodic security risk assessments and monitor the security posture of our existing third-party vendors.

Implement enhancements to the TPRM Program, including recommendations on process, automation, and tools used for the TPRM Program's processes, policies, standards, procedures, and tooling.

Assign risk rankings of vendor and customer relationships by analyzing due diligence questionnaire responses and documentation.

Partner with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements.

Collaborate with our BISOs to advise Business Partners on the appropriate implementation of cyber security, procurement and legal controls for new third-party services, leveraging a combination of these controls and the Third Party's security and privacy programs to maintain our information security and privacy posture.

Prepare security risk reports, dashboards, and operational review metrics (KRIs) or other metrics for continuous improvement and monitoring.

Maintain the integrity of Playlist's Customer Trust Center documentation and customer security requests.

Manage any internal and external audit requests related to TPRM activities and other compliance requests as needed.

Self-starter with the desire to ramp up quickly, collaborate, execute and propose alternative or creative solutions when necessary.

Excellent time management, critical thinking, analytical and communication skills.

Strong interpersonal skills, capable of interacting at all levels of the organization and with vendors.

The ability to multitask and complete assignments within deadlines that may have short lead times.

Strong collaboration skills.

Detail-oriented, deadline-driven, self-directed and organized.

Resourceful and can work well independently.

3-4 years of professional work experience in third party risk, enterprise risk, cyber security governance and / or related functions (such as IT Risk Management and IT Audit).

Demonstrate leadership skills, excellent interpersonal skills, and proven problem-solving ability.

Strong knowledge of industry best practices for third party risk management.

Relevant industry certifications (e.g. CISSP, CISM, CRISC, CISA).

Ability to provide excellent customer service to internal customers.

Have we piqued your curiosity?

Sound like the role for you?

Even if you're not 100% sure about potential fit, we still encourage you to apply.

We're looking for the right person, not the perfect series of checkboxes.

We highly value diversity at our company and encourage people of all different backgrounds, experiences, abilities and perspectives to apply.

We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.

Referrals increase your chances of interviewing at Playlist by 2x