Third-Party Security Risk Analyst (f/m)
Paris, France
Ledger
Secure your crypto assets such as Bitcoin, Ethereum, XRP, Monero and more. Give yourself peace of mind by knowing that your cryptocurrencies are safe
We’re the forever innovators. On a mission that goes beyond business. Securing digital ownership in a changing world. Unlocking true freedom. We’re revolutionaries.Looking beyond today. Bridging excellence and pragmatism, with ambition and conviction, to push the limits of what’s possible. That’s what you’ll do here, in this playground of innovation. With leadership and trust, you’ll write the rules of new technology, and create products that redefine security in a digital age.
Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in UK, US, Switzerland and Singapore, Ledger has a team of more than 500 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 6 millions units already sold in 200 countries.
As a Third-Party Security Risk Analyst at Ledger, you will play a vital role in protecting our organization and our customers from security risks associated with third-party vendors and partners. You will assess, mitigate, and monitor risks throughout the vendor lifecycle to ensure high-security standards, protect data, and secure systems.
Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in UK, US, Switzerland and Singapore, Ledger has a team of more than 500 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 6 millions units already sold in 200 countries.
As a Third-Party Security Risk Analyst at Ledger, you will play a vital role in protecting our organization and our customers from security risks associated with third-party vendors and partners. You will assess, mitigate, and monitor risks throughout the vendor lifecycle to ensure high-security standards, protect data, and secure systems.
Your mission
- Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls
- Identify and evaluate security/privacy risks, especially for vendors handling sensitive customer data and critical product supply chain operations.
- Develop and implement risk mitigation strategies to address identified vulnerabilities
- Collaborate with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements
- Monitor vendor performance and compliance with security agreements
- Contribute to the development and improvement of Ledger's third-party security risk management program
- Prepare reports and presentations on vendor security risks and mitigation efforts for various stakeholders
What we're looking for
- Degree or equivalent experience in Information Security, Cybersecurity, or a related field
- Minimum 2 years of experience in areas like audit, risk management, compliance or control function
- Strong organizational skills to manage multiple projects and document outcomes effectively
- Familiarity with security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework)
- Analytical and problem-solving mindset with a proactive approach to challenges
- Clear and inclusive communication skills for technical and non-technical audiences
- Experience with security assessment tools and technologies is an asset
- Knowledge of data privacy regulations (e.g., GDPR, CCPA)
- Certifications (e.g., CISSP, CISM, CISA) are welcome
What’s in it for you
- Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
- Flexibility: A hybrid work policy
- Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
- Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
- Well-being: Personal development, coaching & fitness with our dedicated partners
- Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
- High tech: Access to high performance office equipment and gadgets, including Apple products
- Transport: Ledger reimburses part of your preferred means of transportation
- Discounts: Employee discount on all our products
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
3
1
0
Categories:
Analyst Jobs
Compliance Jobs
Tags: CCPA CISA CISM CISSP Compliance Crypto GDPR ISO 27001 NIST Privacy Risk management Security assessment Vulnerabilities
Perks/benefits: Career development Equity / stock options Fitness / gym Health care Insurance Medical leave Team events
Region:
Europe
Country:
France
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information System Security Officer jobsSenior Security Analyst jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsInformation Security Specialist jobsSenior Cybersecurity Engineer jobsSenior Network Security Engineer jobsSecurity Consultant jobsSenior Penetration Tester jobsIT Security Engineer jobsSenior Information Security Analyst jobsSecurity Specialist jobsCyber Security Specialist jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsInformation System Security Officer (ISSO) jobsIT Security Analyst jobsStaff Security Engineer jobsSystems Engineer jobsSystems Administrator jobsPrincipal Security Engineer jobsCloud Security Architect jobsSenior Product Security Engineer jobsSecurity Operations Analyst jobsCybersecurity Specialist jobs
CI/CD jobsMalware jobsSaaS jobsForensics jobsEDR jobsEncryption jobsSDLC jobsIDS jobsSplunk jobsBash jobsIPS jobsTop Secret jobsRMF jobsOWASP jobsIntrusion detection jobsSQL jobsThreat detection jobsFinance jobsCompTIA jobsDocker jobsDoDD 8570 jobsITIL jobsCRISC jobsActive Directory jobsGIAC jobs
HIPAA jobsTCP/IP jobsVPN jobsBanking jobsMITRE ATT&CK jobsUNIX jobsTerraform jobsOSCP jobsIT infrastructure jobsClearance Required jobsSANS jobsCISO jobsSOX jobsSOC 2 jobsPolygraph jobsDNS jobsJavaScript jobsCCSP jobsAnsible jobsIndustrial jobsSOAR jobsJira jobsCyber defense jobsCryptography jobsGCIH jobs