Security and Compliance Manager (Third Party Risk)

What is Box?

Box (NYSE:BOX) is the leader in Intelligent Content Management. Our platform enables organizations to fuel collaboration, manage the entire content lifecycle, secure critical content, and transform business workflows with enterprise AI. We help companies thrive in the new AI-first era of business. Founded in 2005, Box simplifies work for leading global organizations, including AstraZeneca, JLL, Morgan Stanley, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia.

By joining Box, you will have the unique opportunity to continue driving our platform forward. Content powers how we work. It’s the billions of files and information flowing across teams, departments, and key business processes every single day: contracts, invoices, employee records, financials, product specs, marketing assets, and more. Our mission is to bring intelligence to the world of content management and empower our customers to completely transform workflows across their organizations. With the combination of AI and enterprise content, the opportunity has never been greater to transform how the world works together and at Box you will be on the front lines of this massive shift.

Why Box needs you:

As with many fast-moving SaaS companies, Box relies heavily on other companies to be efficient and scale. We are looking for a Risk Manager to review the security and compliance posture of third-party vendors and work with cross-functional stakeholders to mitigate against risk. As a key member of Box’s Third Party Risk Management (TPRM) team, you will also help increase AI adoption, design new processes, and lead initiatives to grow the team’s business impact.

What you'll do:

• Deliver third-party risk assessments of Box's suppliers: assess controls, processes, and/or systems to identify risk, develop plans to mitigate against risks, and oversee the remediation plan to completion.
• Interact with suppliers and internal stakeholders to understand the business objectives and gather info needed for security and compliance reviews, validations, and audits.
• Manage and administer tools for performing supplier security and compliance reviews and risk mitigation. This includes data analytics and reporting on Third Party Risk
• Drive initiatives for strategic transformation and operational improvement
• Play a role in developing and fostering the Box culture in our growing office
• Represent Box Poland internally and externally
• Work hard, learn a lot, and have fun!

Who you are:

• 4+ years of work experience in Information Security; Governance, Risk and Compliance (GRC); or Audit. Experience in Third Party Risk Management is preferred but not required.
• Bachelor’s or Master’s degree in Information Security, Computer Science, Business Administration, or related field
• Knowledge of and interest in third party information security challenges and trends, including emerging threats; and general understanding of security and compliance certifications and frameworks such as SOC 2, ISO27001, NIST and PCI.
• Experience solving complex, systemic issues that require creative thinking and solutions
• Able to "wear multiple hats" at the same time and pivot quickly based on changes in the business.
• Must speak English proficiently 
• Effective at written and oral communication. Highly organized with a strong attention to detail. You can easily translate business requirements into technical solutions and vice versa.
• Passionate for collaboration, metrics, process improvement, figuring stuff out, and making things better.
• Have integrity. Like to have fun. Make Mom Proud.

Percentage of Time Spent:

• 40% third party risk assessments
• 30% strategic initiatives
• 20% mitigating and monitoring risk
• 10% meetings

Systems

• TPRM - Auditboard
• Exceptions - Jira

BENEFITS
Check out the overview of the benefits and additional perks offered at Box.

Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 2 days per week, with a focus on Tuesdays and Thursdays. Your Recruiter will share more about how we work and company culture during the hiring process.

EQUAL OPPORTUNITY

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, and any other protected ground of discrimination under applicable human rights legislation.

For details on how we protect your information when you apply, please see our Personnel Privacy Notice.

For more details on how Box Poland protects your information, please see our Supplemental Personnel and Candidate Privacy Notice.