Information Security – Vendor Security
The Information Security Vendor Security position is responsible for supporting eBay’s Global Vendor Security program. This individual will be working directly with business leaders and technologists to understand outsourced business and technology processes and identify vendor security issues and risks; conducting vendor security assessment efforts for new and existing vendors; prioritizing vendor security assessment activities; and negotiating information security contract terms.
We are looking for someone with strong information security program governance, communication, negotiation, and writing skills, experience with Information Security and Privacy regulation principles, and experience working within a vendor management governance process. The successful candidate will also have a strong understanding of vendor risk management within large global enterprises.
- Work with business leaders and technologists to understand outsourced business and technology processes to identify and evaluate associated information security risks for vendors.
- Negotiate Information Security contract requirements with Legal, Privacy, and Vendors/Partners.
- Communicate vendor security risks to business leaders and vendors to ensure a clear understanding of these risks.
- Negotiate remediation plans for security issues identified from vendor assessments.
- Establish and prioritize vendor security assessment activities.
- Provides information security control expertise and guidance to major business initiatives within eBay’s global business environment as needed.
- Ensure adherence to eBay’s policies, standards, and methodologies.
- Provide leadership in maturing the global information security program to meet the ongoing needs of the business.
- Communicate and present key vendor security initiatives, practices, and issues to business units.
- Establish, monitor, and report Key Performance Indicators and Key Risk Indicators for the Vendor Security Program.
- Must be able to interface and coordinate work efficiently and effectively with business colleagues and vendors in a variety of global locations and time zones.
- Other duties as assigned.
- 7+ years of experience in Information Security with information security risk governance and compliance experience preferred.
- 3+ years of experience within a vendor security assessment role evaluating third party information security programs and negotiating information security contract terms.
- Experience working with global privacy regulations including GDPR.
- Experience using vendor cybersecurity scoring solutions is preferred.
- Strong communication and negotiation skills with the ability to communicate effectively with various audiences - technologists, business leaders, and legal contract attorneys.
- Strong writing skills with experience drafting and negotiating legal contract information security requirements.
- Strong analytical, organizational and decision-making skills.
- Self-starter with leadership skills and the ability to manage multiple vendor assessments concurrently.
Education and Certifications:
- Bachelor’s Degree or equivalent work-related experience required.
- CISSP, CISM, CISA, CIPP or equivalent preferred.
- Occasional travel required as needed
View our accessibility info
eBay Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, veteran status, and disability, or other legally protected status. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at firstname.lastname@example.org. We will make every effort to respond to your request for disability assistance as soon as possible.
For more information see: