Security and Risk Management

M&A and Third Party Risk Analyst (Remote US Available)

Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey.

The Role

Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market. We are seeking a Risk Analyst - Third Party Trust to join our Splunk Global Security (SGS) team. In this role you will be a core member representing SGS in M&A project(s). You will assess the cyber risk associated with the merger or acquisition of a company into Splunk, enabling Splunk to manage the cyber risks consistent with Splunk’s risk appetite. You will support SGS stakeholders, enabling them to strategize and implement appropriate security controls during M&A integration and post-integration to maintain Splunk’s security posture. You will also lead risk assessments associated with third-party solutions and services, and communicate the risk assessment results to our internal business stakeholders, empowering them to make informed decisions in order to manage the risk in alignment with their business objectives and risk appetite.

Responsibilities:

Secure Transition on M&A targets

  • Assess the target company’s cybersecurity posture during the due diligence phase of an M&A
  • Gather information needed by SGS service owners to strategize the operation of security controls and manage risk during the integration phase of an M&A, and to set the target for security posture post-integration
  • Ensure security control ownerships are accepted by SGS service owners. Oversee integration activities to ensure they are managed consistent with defined requirements
  • Identify security compliance, regulatory and/or customer requirements & obligations that Splunk will inherit from the target company. Prepare SGS service owners to execute their security controls delivering these requirements
  • Identify and assess cyber risk associated with the execution of the integration activities. Provide information needed by risk owners to manage the risk
  • Ensure a plan is defined and signed off by SGS service owners for how end-state SGS cyber security services will be owned and executed within a prescribed time frame from completion of integration
  • Develop a playbook and standardize the process to effectively manage the level of security risk for different types of M&A
  • Create tools and templates to maximize the quality and completeness of the due diligence information to support the success of the cyber security activities in M&A
  • Perform vendor security risk assessment and technical assessment as applicable of target company's third-party service providers and technology vendors. Present risks to risk owners enabling them to understand the risk under their ownership and develop risk treatment plans. Monitor the execution of risk treatment and evaluate residual risk

Vendor Risk Assessment Responsibilities

  • Lead detailed vendor risk assessments, partnering closely with key partners, to identify and evaluate risks before establishing or continuing operations with third-party vendors. Accurately determine the risk rating with qualifications based on the potential impact and likelihood.
  • Strategize and incorporate a technical evaluation of the vendor and vendor solution(s), when applicable, in the risk assessment process
  • Develop and maintain high-quality risk assessment documentation covering findings, risk statements, risk ratings, justifications and recommendations in the Splunk GRC tool and risk register
  • Present risks to stakeholders, including vendors, internal risk owners, senior leadership, and executive staff (CISO and security oversight committees)
  • Collaborate with risk owners and vendors in the development of treatment plans for the effective management of risk. Monitor the execution of risk treatment(s) and evaluate the residual risk.
  • Provide security expertise to Procurement and Legal in the contract-negotiation process. Ensure that vendor agreements incorporate appropriate security obligations that maintain Splunk's high-security posture
  • Use a risk-based approach to monitor third-party vendors’ security practices and compliance with contractual obligations
  • Drive process improvements to continuously mature the Third-Party Risk Management Program and service. Champion the program mission and value proposition throughout the organization

 

Requirements:

  • 5+ years of direct work experience in M&A cybersecurity assessment, third-party risk management and/or cyber risk management
  • In-depth knowledge of mergers and acquisitions lifecycle and processes
  • Demonstrate solid knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRAMP and other information security and control frameworks.
  • Strong technical knowledge of Cloud infrastructure, applications and coding practices preferred
  • Work experience with security concepts including the ability to assess the security aspects of the following: network devices, firewalls, intrusion detection/prevention systems, identity services, web applications, encryption, forensic analysis, penetration/vulnerability tools, Linux/Windows/macOS, virtualization, desktop/laptop and mobile devices
  • Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together

 

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

Splunk's Hiring Practices
Splunk turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to solve their toughest IT, Internet of Things and security challenges.

Individuals seeking employment at Splunk are considered without regard to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition (except where physical fitness is a valid occupational qualification), genetic information, veteran status, or any other consideration made unlawful by federal, state or local laws. Click here to review the US Department of Labor’s EEO is The Law notice. Please click here to review Splunk’s Affirmative Action Policy Statement.

Splunk also has policies in place to protect the personal information candidates disclose to us as part of the application process. Please click here to review Splunk’s Career Site Privacy Policy.

Splunk does not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Please click here to review Splunk’s Pay Transparency Nondiscrimination Provision. 
 
Splunk is also committed to providing access to all individuals who are seeking information from our website. Any individual using assistive technology (such as a screen reader, Braille reader, etc.) who experiences difficulty accessing information on any part of Splunk’s website should send comments to accessiblecareers@splunk.com. Please include the nature of the accessibility problem and your e-mail or contact address. If the accessibility problem involves a particular page, the message should include the URL of that page.

Splunk doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Splunk.
