Security Analyst II – Third Party Risk Management

We're revolutionizing the fitness & wellness industry, and we’re looking for talented people to help us do it. Mindbody + ClassPass bring together the best of both sides of the market: Mindbody is the industry’s most trusted all-in-one technology platform; ClassPass is one of the most popular apps for fitness & self-care enthusiasts. Together we’re partnering with more than 70,000 fitness studios, gyms, salons, and spas around the world. We’re not just another tech company—we’re far and away the leader of our industry. So join the team, work with mission-led people, and enjoy amazing benefits. Let’s see what we can accomplish together! 

Who we are   

We are a dedicated team of security and information technology professionals focused on evolving Mindbody’s security posture. Our collective goal is to protect the future, fostering increased opportunities for wellness businesses worldwide to empower their customers in leading secure and healthy lives. Committed to a higher purpose, we continuously challenge ourselves and our organization to excel, understanding the strength derived from collaborative efforts towards a common objective. We are advocates for a diverse workplace, fostering an environment where individuals can bring their authentic selves to contribute to our shared success. At the heart of our achievements lies the belief in the value of our people. If you share our passion and vision, consider joining our team, and let's explore the remarkable feats we can achieve together!  

Your role  

The Third-Party Security Risk Analyst will serve as trusted advisor for Mindbody + Classpass’ business stakeholders. This role is part of the Governance, Risk and Compliance team which is responsible for managing risks across the organization. You will be responsible for identifying, assessing, and mitigating risks related to third-party relationships and services. The role requires an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus is required. This role also works closely with internal business customers to ensure existing and potential customers are provided accurate security posture information through timely questionnaire responses and content provided in our customer trust center. 

You will:  

• Manage third party risk management queues to include onboarding, periodic assessments, offboarding and due diligence requests to ensure appropriate actions are taken to engage or disengage third parties.  

• Perform periodic security risk assessments and monitor the security posture of our existing third-party vendors. 

• Implement enhancements to the TPRM Program, including recommendations on process, automation, and tools used for the TPRM Program’s processes, policies, standards, procedures, and tooling.   

• Assign risk rankings of vendor and customer relationships by analyzing due diligence questionnaire responses and documentation. 

• Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements. 

• Collaborates with our BISOs to advise Business Partners on the appropriate implementation of cyber security, procurement and legal controls for new third-party services, leveraging a combination of these controls and the Third Party's security and privacy programs to maintain our information security and privacy posture. 

• Prepare security risk reports, dashboards, and operational review metrics (KRIs) or other metrics for continuous improvement and monitoring. 

• Maintain the integrity of Mindbody + Classpass’ Customer Trust Center documentation and customer security requests. 

• Manages any internal and external audit requests related to TPRM activities and other compliance requests as needed.  

About the right team member  

• Self-starter with the desire to ramp up quickly, collaborate, execute and propose alternative or creative solutions when necessary. 

• Excellent time management, critical thinking, analytical and communication skills. 

• Strong interpersonal skills, capable of interacting at all levels of the organization and with vendors. 

• The ability to multitask and complete assignments within deadlines that may have short lead times. 

• Strong collaboration skills 

• Detail-oriented, deadline driven, self-directed and organized. 

• Resourceful and can work well independently. 

You’ll thrive in this role with experience in: 

• 3-4 years of professional work experience in third party risk, enterprise risk, cyber security governance and/or related functions (such as IT Risk Management and IT Audit). 

• Demonstrate leadership skills, excellent interpersonal skills, and proven problem-solving ability. 

• Strong knowledge of industry best practices for third party risk management. 

• Relevant industry certifications (e.g. CISSP, CISM, CRISC, CISA). 

• Ability to provide excellent customer service to internal customers.  

Have we piqued your curiosity?

Sound like the role for you? We’d love to hear from you! Even if you’re not 100% sure about potential fit, we still encourage you to apply. We’re looking for the right person, not the perfect series of checkboxes.

Mindbody is an Equal Opportunity Employer. We highly value diversity at our company and encourage people of all different backgrounds, experiences, abilities and perspectives to apply. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.

By entering your email and phone number and submitting your application, you consent to receive emails, calls and SMS about your application and other roles at Mindbody, including by auto-dialer. Message and data rates may apply. Opt-out or text STOP to cancel at any time. If you are a California resident or reside outside the United States then by submitting your application you confirm that you have read, understood, agree and - where applicable - grant your prior, free, informed and express consent for the processing of your personal information, including sensitive personal information, as described in our California Applicant Privacy Notice or International Applicant Privacy Notice (as applicable).