Security Risk Specialist

6 days ago


Ahmedabad, Gujarat, India | Remote | e.l.f. Beauty | Full time | ₹ 12,00,000 - ₹ 24,00,000 per year
About the Company
e.l.f. Beauty, Inc. stands with every eye, lip, face and paw. Our deep commitment to clean, cruelty-free beauty at an incredible value has fueled the success of our flagship brand e.l.f. Cosmetics since 2004 and driven our portfolio expansion. Today, our multi-brand portfolio includes e.l.f. Cosmetics; e.l.f. SKIN; pioneering clean beauty brand Well People; Keys Soulcare, a groundbreaking lifestyle beauty brand created with Alicia Keys; and Naturium, high-performance, biocompatible, clinically-effective and accessible skincare.
In our Fiscal year 25, we had net sales of $1 Billion and our business performance has been nothing short of extraordinary with 26 consecutive quarters of net sales growth. We are the #2 mass cosmetics brand in the US and are the fastest growing mass cosmetics brand among the top 5. Our total compensation philosophy offers every full-time new hire competitive pay and benefits, bonus eligibility (200% of target over the last four fiscal years), equity, and a hybrid 3 day in office, 2 day at home work environment. We believe the combination of our unique culture, total compensation, workplace flexibility and care for the team is unmatched across not just beauty but any industry.
Visit our Career Page to learn more about our team: 
Position Summary
We are seeking a highly skilled and proactive Security Risk Manager to join our growing security team. You will be responsible for assessing, monitoring, and mitigating information security risks associated with third-party vendors and service providers. Responsibilities also include performing quarterly SOX audits to ensure compliance with regulatory requirements and internal controls. This position ensures vendor relationships comply with organizational security policies, industry regulations, and best practices to protect sensitive data and systems.
Responsibilities
  • Conduct comprehensive security risk assessments internally and of third-party vendors, including cloud providers, SaaS vendors, and IT service providers.
  • Evaluate internal and third-party security controls, policies, and compliance with frameworks such as NIST, ISO 27001, SOC 2, GDPR, HIPAA, and PCI-DSS.
  • Perform quarterly SOX audits to validate compliance with regulatory requirements and internal controls.
  • Document audit findings, partner with stakeholders to address remediation, and track closure of identified issues.
  • Perform due diligence reviews, including security questionnaires, audits, and contract reviews.
  • Identify, document, and prioritize risks related to vendor access, data handling, and system integrations.
  • Work with procurement and legal teams to ensure security requirements are included in vendor contracts and SLAs.
  • Prepare risk reports for senior leadership, highlighting key vendor risks and mitigation strategies.
  • Communicate security expectations to vendors and internal stakeholders.
  • Maintain a centralized vendor risk repository with up-to-date documentation.
  • Stay updated on emerging threats, regulatory changes, and industry best practices.
  • Enhance vendor risk assessment processes and tools for efficiency and effectiveness.
  • Cross-train team members on risk management principles.
  • Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management.
Qualifications
  • Bachelor's degree in Information Security, Cybersecurity, Risk Management, or related field.
  • 5+ years of experience in IT risk management, vendor risk assessment, or third-party security evaluations.
  • Experience performing SOX compliance audits, including testing and documenting IT general controls.
  • Strong knowledge of security frameworks (NIST, ISO 27001, SOC 2, GDPR, etc.).
  • Experience with vendor risk assessment tools.
  • Strong GRC (Governance, Risk, and Compliance) platform knowledge.
  • Familiarity with cloud security, data privacy laws, and contractual security clauses.
  • Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
Minimum Work Experience
  • 5
Maximum Work Experience
  • 10
This job description is intended to describe the general nature and level of work being performed in this position. It also reflects the general details considered necessary to describe the principal functions of the job identified, and shall not be considered a detailed description of all the work requirements inherent in the job. It is not an exhaustive list of responsibilities, and it is subject to changes and exceptions at the supervisors' discretion.
e.l.f. Beauty respects your privacy. Please see our Job Applicant Privacy Notice for how your personal information is used and shared. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
