Vendor Security Risk Specialist

  • Kaunas, Lithuania
  • Engineering
  • Vinted Group

Brief info about Vinted 

Vinted Marketplace is the largest online international C2C marketplace in Europe dedicated to second-hand fashion, with a growing member base of over 80 million registered members spanning 19 markets in Europe and North America. With a mission to make second-hand the first choice worldwide, Vinted enables people to sell and buy second-hand clothes and lifestyle items from each other, helping give those items a second or even third life.  

Vinted Go launched in 2022, with a focus on developing products and solutions for more seamless shipping and delivery across Europe. Vinted Go has connected more than 40 carriers and more than 200,000 PUDO points across Europe to support the delivery of millions of parcels per year.

The Vinted Group, composed of Vinted Marketplace and Vinted Go, is headquartered in Vilnius and has over 1,800 employees, with workplaces in the Czech Republic, Germany, Lithuania, France, the United Kingdom and the Netherlands. It is backed by six leading venture capital firms: Accel, Burda Principal Investments, EQT Growth, Insight Partners, Lightspeed Venture Partners, and Sprints Capital.

Information about the position 

As part of Vinted’s newly built Security & Privacy Operations team, you’ll be focused on assisting and supporting Vinted’s information security & privacy Third Party Risk Management (TPRM) process. Your goal is to define and develop the security requirements applicable to our vendors while coordinating and supporting security dimensions in all TPRM phases. The role will mainly focus on identifying whether selected vendors meet our customers' high expectations when it comes to information security, and on assisting in defining the necessary technical and organisational measures for all processing activities identified at Vinted.

We are looking for an Information Security enthusiast, someone highly motivated with ambition, strong communication and a firm commitment to finding tailored solutions to the unique issues that third parties that work with Vinted may encounter. For the right candidate, this will be both a challenging and rewarding role.

In this position, you’ll 

  • Develop information security requirements for vendors based on the nature of the services provided and our risk appetite
  • Participate in and provide support throughout the security & privacy TPRM process (including security assessments & security in contracts)
  • Continuously improve the security & privacy TPRM process to ensure visibility and high-functioning requirements are in place
  • Assist process owners in defining and implementing necessary technical and organisational measures when identifying processing activities
  • Engage, collaborate, and align closely with relevant functions across Vinted, including Procurement, Customer Support, IT, Legal, and other teams to support their initiatives
  • Assess security risks and propose the most appropriate risk treatment options, including security controls, risk mitigation and avoidance, that best address the organization’s strategy
  • Build trustworthy relationships with potential external partners

About you 

  • Ideally, you have a Master's degree in Information Security or relevant experience
  • Relevant experience in developing high-level information security requirements, running IT auditing, or compliance-related activities applicable to third parties
  • You have at least two years' experience in the field of information security and data protection
  • Broad knowledge of security, controls, risk & compliance standards and frameworks e.g. ISO27001, ISO27100, CIS, CSA, NIST, OWASP, etc.
  • Always on the lookout for innovative methods to improve security across the organisation and its partners
  • Strong knowledge of auditing practices and methods
  • Strong investigative skills and the know-how to gather evidence or ask the right questions to get the required information
  • Able to strike a balance between business needs and best practices in procurement
  • Able to communicate abstract and sometimes technical topics to a business audience
  • Committed to personal and professional growth
  • Excellent at communicating in spoken and written English

Work perks 

  • The opportunity to benefit from our share options programme
  • 25 working days of holiday
  • Newest MacBook models
  • Mental and emotional health support through the Mindletic app
  • Home office support: we provide IT workstation equipment and a personal budget of up to €540 for home workplace furniture
  • A daily lunch allowance
  • Private health insurance
  • Frequent team-building events
  • A personal monthly budget for shopping on Vinted
  • The opportunity to spend up to 90 days per year - 21 of which can be spent working outside of the EU - on workation
  • A dog-friendly office

Working at Vinted 

Individual Learning Budget

Vinted will set aside a yearly sum equal to 10-13.2% of your annual salary to be invested in your continuous professional development. You’ll be able to take the initiative to use it for covering relevant learning activities that benefit your role.

Hybrid Work 

We’ve adopted a hybrid workplace model where 2 days in office are recommended but not enforced. It’s up to you and your team to decide on the exact days you’ll spend working together in person.

Equal Opportunity

The Vinted Group is committed to building an inclusive workplace where people from all walks of life feel a sense of belonging. We welcome applications from people of all backgrounds, identities and life experiences. At Vinted, all applicants are treated fairly without regard to their race, age, religion or belief, sex, national origin, citizenship, gender identity, sexual orientation, disability, or any other protected characteristic.

The salary range for this position is €2,808 - €3,795 gross per month.