HubSpot
Senior Third Party Risk & Controls Specialist
Flex - Cambridge, Massachusetts
Role brief
What this role is asking for.
HubSpot is seeking a Senior Third Party Risk & Integration Security Engineer t o join our expanding IAM, Third Party Risk Management, and Enterprise Application Management team. This role is based on the idea of “external party security” and combines technical security assessment expertise in vendor risk management, focusing on evaluating third-party applications, emerging AI technologies, and integration security. The ideal candidate will conduct technical assessments of vendor security controls while also supporting broader software management and identity and access management initiatives across the organization. This role is remote; candidates must be based in the Eastern Time Zone (ET). What you’ll do Third-Party Risk Assessment (Primary Focus - 60%) Conduct technical security assessments of third-party applications, vendors, and service providers beyond traditional questionnaire-based reviews Evaluate API security, authentication mechanisms, data flows, and integration architectures for vendor solutions Assess generative AI vulnerabilities in third-party applications, including model security, data privacy, and information disclosure risks Perform security reviews of Model Context Protocol (MCP) servers and implementations Review vendor security documentation, architecture diagrams, and technical controls Identify security gaps and provide risk-based recommendations and...
Company role signals