It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Benefit options available through Magnit Global, depending on contract factors and upon meeting requirements.

We’re looking for a highly motivated, collaborative and technically experienced Third-Party Risk Analyst with ability to understand and influence the Vendor Risk Assessment (VRA) processes, effectively communicate ServiceNow’s controls including intent. The successful candidate must be reliable, resourceful and have a “can-do” attitude.

You will be a key member of our team and play an important role in defining the Vendor Risk Assessment framework for a leading cloud company. In this role you will be required to demonstrate ability to analyze difficult problems, think out-of-box and provide pragmatic solutions and recommendations.

ServiceNow VRA focuses on the security practices of the third parties used.  The Third-Party Risk Analyst will be involved in driving this process forward and measuring Vendor Risk Assessment process compliance.

What you get to do in this role:

• Perform new and recurring third party risk assessments.
• Review of third party provided audit reports and supporting collateral e.g., SOC reports and other certifications, or review of third-party security whitepapers.
• Using the ServiceNow platform to issue and review questionnaires completed by third parties describing their environment and controls.
• Collaborate with the Procurement Organization and the other risk organizations such as Security and Privacy.
• Work in a self-directed, collaborative, and constructive manner with our internal stakeholders.
• Lead or assist with successful completion of vendor risk assessment activities
• Work with vendors to address any remediation activities required following completion of the assessment.

To be successful in this role you have:

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI’s potential impact on the function or industry. 
• Excellent organization and time management skills to oversee simultaneously occurring projects, tasks, and deadlines.
• Ability to communicate technical security risks to non-technical business stakeholders.
• Strong ability to influence or negotiate with stakeholders dealing with competing priorities.
• Direct and recent working experience with at least two of the following compliance programs: ISO 27001, PCI, SSAE18, SOC2, HIPPA, 21 CFR Part 11, MTCS, IRAP and FISMA/FedRAMP.
• Ability to work independently
• Knowledge of ServiceNow Platform desired 
  • Prior experience of working in the Security and Compliance group at a SaaS/Cloud company.
  • Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP.
  • Ability to manage large projects.
  • Ability to understand the intent of compliance requirements to provide effective and meaningful analysis.
  • Excellent report writing skills, ability to prepare compliance reports and associated metrics.

Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Los Angeles Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, meet client expectations, standards, and accompanying requirements, and safeguard business operations and company reputation.