Information Security Analyst II - Security and Privacy Vendor Risk

We are seeking a highly skilled and experienced Security and Privacy Vendor Risk Analyst. This individual will play a pivotal role in ensuring that our vendors adhere to Datadog's security, privacy, and compliance standards. This analyst will manage the evaluation and risk assessment of third-party vendors, ensuring alignment with Datadog's security and privacy policies, regulatory requirements, and risk management framework. Acting as a bridge between technical teams (such as IT security, legal, and procurement) and business stakeholders, this role ensures clear communication and risk mitigation strategies.
Datadog is building a world-class security and privacy risk management program to safeguard our data and systems from real-world threats. You will help us navigate the challenges presented by an evolving vendor ecosystem and a constantly changing regulatory landscape.
What You'll Do:

• Guide the consolidation of the vendor security and privacy risk assessment processes, ensuring third parties meet Datadog's security, privacy, and compliance standards.
• Work cross-functionally with legal, procurement, IT, privacy and security teams to evaluate vendor risks and develop mitigation strategies.
• Continuously iterate and improve the Vendor Risk Management Program to align with Datadog's risk appetite and regulatory obligations.
• Assess vendors' security and privacy controls, ensuring data handling practices align with Datadog's policies, best practices, and industry standards such as GDPR, CCPA/CPRA, HIPAA, and ISO 27001.
• Evaluate security and privacy risks associated with vendor engagements, including data processing, storage, and access.
• Support daily operational security and privacy risk activities, including vendor assessments, contract reviews, compliance documentation, and risk reporting.
• Digest complex vendor risk requests from stakeholders, identify key risks, and develop concrete recommendations to reduce risks to Datadog.
• Develop deep technical authority on vendor risk management practices and be able to articulate security and privacy risk mitigation strategies to multiple levels of the organization.

Who You Are:

• You have a BS or equivalent experience.
• You have 3 or more years of experience in vendor risk management, security risk assessments, privacy risk, or compliance.
• You possess a keen eye for detail and a strong writing ability, making you well-equipped to document vendor risk findings, security controls, and compliance measures.
• You have experience in day-to-day security and privacy risk management, including vendor due diligence, contract negotiations, and third-party assessments.
• You have a strong understanding of security and privacy risk frameworks such as GDPR, CCPA/CPRA, HIPAA, ISO 27001, SOC 2, and NIST.
• You have experience with third-party risk management platforms and risk assessment methodologies.
• You are comfortable working in a fast-paced, high-growth environment.

Bonus Points:

• You take pride in your writing ability and have been praised for it.
• You have experience with vendor risk assessment tools and security ratings platforms.
• You have experience with data security, encryption, and access control methodologies.
• You have project management experience related to vendor risk.
• You have familiarity with cloud security and SaaS risk management.

Datadog offers a competitive salary and equity package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Datadog offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, a 401(k) plan and match, paid time off, fitness reimbursements, and a discounted employee stock purchase plan.
The reasonably estimated yearly salary for this role at Datadog is:
$131,000 - $157,000 USD
About Datadog:
Datadog (NASDAQ: DDOG) is a global SaaS business, delivering a rare combination of growth and profitability. We are on a mission to break down silos and solve complexity in the cloud age by enabling digital transformation, cloud migration, and infrastructure monitoring of our customers' entire technology stacks. Built by engineers, for engineers, Datadog is used by organizations of all sizes across a wide range of industries. Together, we champion professional development, diversity of thought, innovation, and work excellence to empower continuous growth. Join the pack and become part of a collaborative, pragmatic, and thoughtful people-first community where we solve tough problems, take smart risks, and celebrate one another. Learn more about #DatadogLife on Instagram , LinkedIn, and Datadog Learning Center.
Equal Opportunity at Datadog:
Datadog is an Affirmative Action and Equal Opportunity Employer and is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and more. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Here are our Candidate Legal Notices for your reference.
Your Privacy:
Any information you submit to Datadog as part of your application will be processed in accordance with Datadog's Applicant and Candidate Privacy Notice .