About the team:
Robinhood is looking for seasoned program managers for our Third Party (3P) Review program. This program is part of the Cyber Risk and Compliance (CRC) program under Information Security. You will work very closely with the Head of CRC to define and implement a scalable third-party security review and risk management function. You will own project plans and playbooks for one or more types of 3P reviews, including vendors, acquisitions, and security-related regulatory assessments. The right candidate may be asked to take a management role within this function, but the role is currently an individual contributor.
You will take responsibility for further developing our risk assessment instruments. You will identify opportunities for automation and propose and justify technologies to implement the automation. You will also define the process, timelines, and service level objectives for 3P assessments and establish uniform expectations for the timeliness, accuracy, and outcome of these assessments.
You will coordinate the assessments with stakeholders across Robinhood, ensure each assessment is as streamlined as possible, and minimize duplication across functions. When necessary, you will identify deep dives that are needed and develop a custom plan for performing them so that the output of the assessment matches expectations. As these deep dives may be conducted on site, you may be required to travel occasionally to fulfill the role. In addition, you may be required to travel on occasion between Robinhood offices.
In addition to the 3P assessments, you will participate in, and possibly lead, Robinhood's annual top-down risk assessment. This requires working with senior engineers and engineering managers across the company and requires familiarity with security as well as general engineering practices and terminology, in addition to standard risk management practices.
The ideal candidate will thrive on working cross-functionally, building trust and great working relationships across a number of functions. Experience as a program manager or technical program manager within a security, privacy, or risk management function is a very important qualification for this role.
What you'll do day-to-day:
Build out and streamline the process and instruments used for 3P assessments.
Create and implement a prioritization system for third-party reviews.
Conduct assessments, including assigning questions and analyzing the answers.
Create, track, and report back on action items from assessments.
Write brief reports from assessments.
Participate in risk assessments and work collaboratively on producing follow-up documentation.
Work with the Policy Program to build security policies and standards that define the framework for 3P assessments.
Produce regular reporting for Security Leadership and other stakeholders.
Manage technologies used to support the program.
Create a plan for continually improving the program and expanding our assessment capabilities.
About you:
Bachelor’s degree or equivalent experience in Computer Science, Engineering, Information Systems, or related fields.
5+ years of experience in technical job roles, of which at least five are in program and project management.
Experience writing clear, concise technical documentation.
Experience building and/or operating complex cross-functional programs.
Experience in one or more security disciplines, such as those in the Common Body of Knowledge.
Familiarity with GDPR, CCPA, or similar regulatory requirements.
Bonus points:
Advanced degree in a related field.
5+ years of experience in a security and/or risk management organization.
Familiarity with Process Unity, TerraTrue, Ironclad, and/or Jira.
Experience in a highly regulated environment and/or public companies.
Experience with FINRA, NYDFS Part 500.
CISSP, CISM, ISSMP, or similar certification.
Menlo Park, CA
Robinhood Markets, Inc. is an American financial services company headquartered in Menlo Park, California, known for offering commission-free trades of stocks and exchange-traded funds via a mobile app introduced in March 2015. Robinhood is a FINRA-regulated broker-dealer, registered with the U.S. Securities and Exchange Commission, and is a member of the Securities Investor Protection Corporation. The company's revenue comes from three main sources: interest earned on customers' cash balances, selling order information to high-frequency traders (a practice for which the SEC opened an investigation into the company in September 2020), and margin lending. As of 2020, Robinhood had 13 million users.
Robinhood is on a mission to democratize finance for all. We believe it should work for everyone and not just a few. We offer commission-free trading in one user-friendly platform. Trading in stocks, ETFs, and options is offered through Robinhood Financial LLC, member SIPC. Cryptocurrency trading is offered through Robinhood Crypto, LLC. Keep in mind other fees may still apply to your brokerage account. Please see Robinhood Financial's Fee Schedule at rbnhd.co/fees to learn more. All investments involve risk, including the possible loss of principal. Past performance of a security or financial product does not guarantee future results or returns. Robinhood Crypto is licensed to engage in virtual currency business activity by the New York State Department of Financial Services and is not a member of FINRA or SIPC. Cryptocurrencies are not stocks, and your cryptocurrency investments are not products protected by either FDIC or SIPC. Robinhood Financial LLC and Robinhood Crypto, LLC are wholly owned subsidiaries of Robinhood Markets, Inc.