Third-party Security Risk Analyst

We’re the forever innovators. On a mission that goes beyond business. Securing digital ownership in a changing world. Unlocking true freedom. We’re revolutionaries.

Looking beyond today. Bridging excellence and pragmatism, with ambition and conviction, to push the limits of what’s possible. That’s what you’ll do here, in this playground of innovation. With leadership and trust, you’ll write the rules of new technology, and create products that redefine security in a digital age.

Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in UK, US, Switzerland and Singapore, Ledger has a team of more than 500 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets - including the Ledger hardware wallets line with more than 6 millions units already sold in 200 countries.

As a Third-Party Security Risk Analyst at Ledger, you will play a vital role in protecting our organization and our customers from security risks associated with third-party vendors and partners. You will assess, mitigate, and monitor risks throughout the vendor lifecycle to ensure high-security standards, protect data, and secure systems.

**Your mission**:

- Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls
- Identify and evaluate security/privacy risks, especially for vendors handling sensitive customer data and critical product supply chain operations.
- Develop and implement risk mitigation strategies to address identified vulnerabilities
- Collaborate with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements
- Monitor vendor performance and compliance with security agreements
- Contribute to the development and improvement of Ledger's third-party security risk management program
- Prepare reports and presentations on vendor security risks and mitigation efforts for various stakeholders

**What we're looking for**:

- Degree or equivalent experience in Information Security, Cybersecurity, or a related field
- Minimum 2 years of experience in areas like audit, risk management, compliance or control function
- Strong organizational skills to manage multiple projects and document outcomes effectively
- Familiarity with security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework)
- Analytical and problem-solving mindset with a proactive approach to challenges
- Clear and inclusive communication skills for technical and non-technical audiences
- Experience with security assessment tools and technologies is an asset
- Knowledge of data privacy regulations (e.g., GDPR, CCPA)
- Certifications (e.g., CISSP, CISM, CISA) are welcome

**What’s in it for you**:

- **Equity**: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
- **Flexibility**: A hybrid work policy
- **Social**: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
- **Medical**: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
- **Well-being**: Personal development, coaching & fitness with our dedicated partners
- **Vacation**: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
- **High tech**: Access to high performance office equipment and gadgets, including Apple products
- **Transport**: Ledger reimburses part of your preferred means of transportation
- **Discounts**: Employee discount on all our products

We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.