Senior Security and Compliance Analyst (Third Party Risk)

What is Box?

Box (NYSE:BOX) is the leader in Intelligent Content Management. Our platform enables organizations to fuel collaboration, manage the entire content lifecycle, secure critical content, and transform business workflows with enterprise AI. We help companies thrive in the new AI-first era of business. Founded in 2005, Box simplifies work for leading global organizations, including AstraZeneca, JLL, Morgan Stanley, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia.

By joining Box, you will have the unique opportunity to continue driving our platform forward. Content powers how we work. It’s the billions of files and information flowing across teams, departments, and key business processes every single day: contracts, invoices, employee records, financials, product specs, marketing assets, and more. Our mission is to bring intelligence to the world of content management and empower our customers to completely transform workflows across their organizations. With the combination of AI and enterprise content, the opportunity has never been greater to transform how the world works together and at Box you will be on the front lines of this massive shift.

Why Box Needs You:

Box relies heavily on other companies to operate efficiently and scale effectively. We are looking for a Senior Risk Analyst to support the review the security and compliance posture of third-party vendors and work cross-functionally to mitigate against risk. As a member of Box’s Third Party Risk Management (TPRM) team, you will also support AI adoption and process design, and have the chance to learn more about TPRM at a fast-growing SaaS company.

What you'll do:

• Deliver third-party risk assessments of Box's suppliers: assess controls, processes, and/or systems to identify risk, and develop plans to mitigate against risks.
• Interact with suppliers and internal stakeholders to understand the business objectives and gather info needed for security and compliance reviews, validations, and audits.
• Respond to internal and external inquiries, security assessments, and other requests related to Third Party Risk Management.
• Support strategic initiatives to improve business outcomes.
• Play a role in developing and fostering the Box culture in the newly created office
• Represent Box Poland internally and externally
• Work hard, learn a lot, and have fun!

Who you are:

• 2+ years of experience in Information Security, Governance, Risk and Compliance (GRC) or Audit
• Bachelor’s or Master’s degree in Information Security, Computer Science, Business Administration, or related field
• General knowledge of relevant security and compliance certifications and frameworks
• Knowledge of and interest in third party information security challenges and trends, including emerging threats
• Able to "wear multiple hats" at the same time and pivot quickly based on changes in the business.
• Must speak English proficiently 
• Effective at written and oral communication. Highly organized with a strong attention to detail.
• Passionate for collaboration, metrics, process improvement, figuring stuff out, and making things better.
• Have integrity. Like to have fun. Make Mom Proud.

Percentage of Time Spent:

• 65% third party risk assessments
• 15% strategic initiatives
• 10% mitigating and monitoring risk
• 10% meetings

Tooling

• TPRM tool - Auditboard
• Exceptions - Jira

BENEFITS
Check out the overview of the benefits and additional perks offered at Box.

Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 2 days per week, with a focus on Tuesdays and Thursdays. Your Recruiter will share more about how we work and company culture during the hiring process.

EQUAL OPPORTUNITY

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, and any other protected ground of discrimination under applicable human rights legislation.

For details on how we protect your information when you apply, please see our Personnel Privacy Notice.

For more details on how Box Poland protects your information, please see our Supplemental Personnel and Candidate Privacy Notice