Who you are

• Bachelor’s degree in Information Security, Network Security, or Information Technology, or a related field (or equivalent work experience)
• 5+ years of experience in information security, risk management, or cyber supply chain security, with a strong understanding of cloud security principles (AWS, Azure, GCP)
• Strong understanding of information security risk assessment methodologies, particularly in the context of system and application integration, including experience with security assessment tools and techniques (e.g. vulnerability scanners, threat intelligence platforms, and knowledge of penetration testing methodologies)
• Familiarity with technologies and protocols commonly used in system-to-system communication (e.g., REST APIs, SAML/OAuth, secure data transfer mechanisms) and network security concepts
• Knowledge of industry frameworks and standards such as NIST, CIS, and familiarity with data privacy regulations (e.g., GDPR, CCPA)
• Experience with third-party risk management platforms (e.g., BitSight, SecurityScorecard, RiskRecon) and exposure to GRC principles and platforms
• Excellent analytical, communication (both written and verbal), including the ability to translate complex technical risks into business-understandable language
• Demonstrated problem-solving and critical thinking abilities
• Relevant professional certifications, including both broad cybersecurity credentials (e.g., CISSP) and hands-on technical certifications in defensive and offensive security (e.g., PJPT, Net+, PenTest+, CySA+), are highly desirable

What the job involves

• In today’s highly interconnected digital ecosystem, managing cyber risks across the supply chain is essential to securing our enterprise
• The increasing reliance on third-party software and service providers—coupled with the growing sophistication of supply chain-based cyber threats—requires a strategic, proactive approach to risk identification and mitigation
• That’s where you come in. We are seeking a seasoned Information Security Engineer to play a vital role in fortifying our end-to-end cyber supply chain security risk management efforts
• In this role, you will assess and manage cyber risks associated with external partners, suppliers, platforms, and integrations—ensuring that our technology ecosystem remains resilient and compliant
• You will collaborate closely with Label partners and information security engineering, product security, security operations, risk management and other information security teams to evaluate supplier security posture, monitor for cyber supply chain vulnerabilities, and implement robust risk mitigation strategies
• Your efforts will directly support the business by enabling secure, reliable, and compliant supplier relationships across the enterprise
• Conduct comprehensive cyber risk assessments on suppliers, vendors, and third-party service providers leveraging questionnaires and technical assessments
• Evaluate and review technical integrations with third-party systems, services, and APIs/SDKs to ensure secure architecture and data flows, including verification of security configurations and controls
• Collaborate with architecture, engineering, and Label-partner technical integration teams to assess risks introduced through direct and indirect system integrations and define security requirements for third-party contracts and security addendums
• Collaborate with the C-SCRM Lead to develop and maintain a cyber supply chain cybersecurity risk management strategy aligned with industry standards (e.g., NIST SP 800-161, etc.), tailored to the Company's strategic objectives, and regularly updated based on evolving threats and regulations
• Monitor and evaluate third-party risk indicators and threat intelligence relevant to cyber supply chain operations, including security ratings, vulnerability disclosures, and security incidents, potentially utilizing security monitoring tools and threat intelligence platforms
• Recommend and define specific security requirements and guidelines for third-party connections, proposing controls and mitigation strategies for cyber supply chain risks, including compensating controls when necessary, and validating the implementation of these controls
• Collaborate with internal teams during incident response scenarios involving cyber supply chain partners, including investigation, communication, and reporting, if needed
• Track and report on supply chain cyber risks and control effectiveness to senior leadership through defined metrics and key performance indicators (KPIs) in a clear and concise manner, communicating risk findings and remediation efforts to relevant stakeholders
• Stay updated on current threats, vulnerabilities, and regulatory changes impacting the cyber supply chain landscape through continuous learning, participation in industry forums, and professional development, and evaluate and recommend new tools and technologies for supply chain risk management

Benefits

• Medical (HSA & FSA)/Dental/Vision
• 401(k) with Company Match
• Employee Stock Purchase Plan
• Commuter Benefits
• In-House Wellness Program
• Learning & Development
• Charitable Giving Platform with Company Match
• Fitness Allowance
• Employee Discount Programs
• Free Games
• Company Parties, Monthly Socials, and Team Challenges
• Game Release Events