Role Summary

We are seeking a highly skilled and experienced Security and Privacy Vendor Risk Analyst. This individual will play a pivotal role in ensuring that our vendors adhere to Datadog’s security, privacy, and compliance standards. This analyst will manage the evaluation and risk assessment of third-party vendors, ensuring alignment with Datadog's security and privacy policies, regulatory requirements, and risk management framework. Acting as a bridge between technical teams (such as IT security, legal, and procurement) and business stakeholders, this role ensures clear communication and risk mitigation strategies.

​

Company Overview

Datadog is building a world-class security and privacy risk management program to safeguard our data and systems from real-world threats. You will help us navigate the challenges presented by an evolving vendor ecosystem and a constantly changing regulatory landscape.

• Guide the consolidation of the vendor security and privacy risk assessment processes, ensuring third parties meet Datadog’s security, privacy, and compliance standards.
• Work cross-functionally with legal, procurement, IT, privacy and security teams to evaluate vendor risks and develop mitigation strategies.
• Continuously iterate and improve the Vendor Risk Management Program to align with Datadog’s risk appetite and regulatory obligations.
• Assess vendors' security and privacy controls, ensuring data handling practices align with Datadog's policies, best practices, and industry standards such as GDPR, CCPA/CPRA, HIPAA, and ISO 27001.
• Evaluate security and privacy risks associated with vendor engagements, including data processing, storage, and access.
• Support daily operational security and privacy risk activities, including vendor assessments, contract reviews, compliance documentation, and risk reporting.
• Digest complex vendor risk requests from stakeholders, identify key risks, and develop concrete recommendations to reduce risks to Datadog.
• Develop deep technical authority on vendor risk management practices and be able to articulate security and privacy risk mitigation strategies to multiple levels of the organization.

Required Qualifications:

• You have a BS or equivalent experience.
• You have 3 or more years of experience in vendor risk management, security risk assessments, privacy risk, or compliance.
• You possess a keen eye for detail and a strong writing ability, making you well-equipped to document vendor risk findings, security controls, and compliance measures.
• You have experience in day-to-day security and privacy risk management, including vendor due diligence, contract negotiations, and third-party assessments.
• You have a strong understanding of security and privacy risk frameworks such as GDPR, CCPA/CPRA, HIPAA, ISO 27001, SOC 2, and NIST.
• You have experience with third-party risk management platforms and risk assessment methodologies.
• You are comfortable working in a fast-paced, high-growth environment.

​

Preferred Qualifications:

• You take pride in your writing ability and have been praised for it.
• You have experience with vendor risk assessment tools and security ratings platforms.
• You have experience with data security, encryption, and access control methodologies.
• You have project management experience related to vendor risk.
• You have familiarity with cloud security and SaaS risk management.

NA

Company Overview

​

NA

​

Position Summary:

​

An ideal analyst will be responsible for supporting computer network defense, to include auditing the network for vulnerabilities, identifying relevant threats, recommending corrective actions, developing solutions for security issues, and investigating security incidents and breaches. This position is an on-site position in our Linthicum, MD facility

• Monitor and analyze security alerts and events from various security tools and systems.
• Coordinate over multiple mediums with users and administrators of various roles and backgrounds during incident investigations and response.
• Collect and analyze raw events and alerts. Construct timelines surrounding activity that is adversarial or otherwise related to the investigation at hand.
• Provide feedback on alerts received and events reviewed to the betterment of detection capabilities.
• Escalate tickets, when necessary, based on established processes.
• Classify and prioritize incidents based on established criteria.
• Consistently provide professional-quality customer service.
• Thoroughly and accurately document work details within the ticketing system.
• Maintain familiarity with products in use and the ability to quickly familiarize with related technologies.
• Stay informed of breaking news and industry best practices from multiple reliable sources and share findings.
• Attend and contribute to regular team meetings.
• Current FLSA Designation: Non/exempt – Hourly – Overtime eligible.

Required Qualifications:

​

• Bachelor's degree in related field and or/combination of education and work experience.
• Obtain within 1 year and maintain at least one of the following certifications (other intermediate certifications will be considered): Sec+, CySA+.
• Prior completion of related internship or relative class projects that expose applicant to the SOC environment.
• At minimum, entry level experience of incident investigations and responses.

​

Preferred Qualifications:

​

NA

Universal Requirements:

​

• Ability to work in an operational/shift-based environment with flexible working hours to include evenings and weekends.
• Demonstrated experience with the security industry including an understanding of best practices, risk mitigation, and compliance frameworks.
• Able to function effectively in high stakes and high stress situations.
• Legally capable of working in the US, EU, or APAC regions as designated.
• Passionate about cybersecurity and self-driven to continue to learn/develop relevant skillsets as well as maintain industry specific certifications.
• Ability to quickly find answers to questions referencing manuals and/or Internet resources.
• Fluent in English in both writing and speech (i.e., writing, reading, speaking, and understanding) possessing the ability to effectively communicate complex security concepts with end customers.

Job Summary

​

We are looking for an experienced Security/Privacy Solution Architect to join our Privacy and Data Protection Team. In this senior-level role, you will be responsible for designing, developing and implementing robust privacy enhancing solutions and enhance the security around ‘anything’ data. You’ll also contribute to ongoing efforts to strengthen our security and privacy posture. As a high-level team member, you are expected to take ownership of projects, mentor junior team members, and collaborate with cross-functional teams to ensure the development of secure, resilient and compliant systems.

​

Company Overview

​

Make your mark at Comcast -- a Fortune 30 global media and technology company. From the connectivity and platforms we provide, to the content and experiences we create, we reach hundreds of millions of customers, viewers, and guests worldwide. Become part of our award-winning technology team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. Join us. You’ll do the best work of your career right here at Comcast. (In most cases, Comcast prefers to have employees on-site collaborating unless the team has been designated as virtual due to the nature of their work. If a position is listed with both office locations and virtual offerings, Comcast may be willing to consider candidates who live greater than 100 miles from the office for the remote option.)

• Lead the design and implementation of frameworks, solutions and architectures for on-premises, cloud and hybrid environments. Ensure that the proposed solutions support the overall business objectives while keeping in line with all the privacy regulatory requirements.
• Work with the leadership to define the Comcast’s long-term data protection strategy, aligning the architectures with business goals, regulatory requirements and emerging technologies.
• Implement a risk-based approach for prioritizing projects and customer engagements.
• Contribute to the development of security policies, procedures and standards. Ensure alignment with internal and external regulatory requirements such as GDPR, CCPA, etc.
• Lead and mentor junior engineers by providing guidance on secure design principles and architecture best practices
• Stay up to date with the latest security trends, threats and technologies. Proactively recommend new security approaches and tools to address the ever-evolving security challenges and enhance Comcast’s overall security posture
• Collaborate with various teams (devOps, Product teams, etc.) to design and implement secure systems. Work with legal and compliance to ensure data privacy and security regulations are adhered to.
• Effectively communicate findings and recommendations to both technical and non-technical stakeholders, preparing comprehensive reports and presentations.

Required Qualifications

​

• 10-15 years of experience in solution architecture, cybersecurity/privacy space
• Strong analytical, problem-solving, and communication skills, with attention to detail and a proactive mindset.
• In-depth understanding of security protocols, enterprise security solutions, emerging threats and the landscape of the privacy regulations
• Ability to analyze data from multiple sources, extrapolate key issues and propose strategies to address and fix.
• Must consider both security and business problems "end-to-end": ensure inclusion of considerations such as people, process and technology, both within and outside the enterprise, as part of any design solution.
• Contribute to the overall system implementation strategy for the enterprise and participates in appropriate forums, meetings, presentations etc. to meet goals.
• Ability to be a champion within the organization and be able to ‘sell’ the solutions
• Ability to lead a team through the project lifecycle form inception to implementation
• Contributes to and supports effort to further build intellectual property via patents.

​

Preferred Qualifications

​

• Bachelor’s degree in Computer Science, Information Security, or related field
• Master’s degree or professional certifications (e.g. CISSP, CISM, CISA, CIPT) preferred
• Experience working in highly regulated industries is a plus
• Strong leadership skills, including the ability to influence decision-making at the executive level
• Ability to think creatively and identify security solutions for new and emerging business needs and technologies
• Ability to adapt in a fast-paced, ever-evolving environment with changing business priorities and technical landscapes

NA