Third-Party Security Risk Analyst (f/m) Paris, France Corporate Functions – Legal / Permanent contract / CDI / Hybrid Apply for this job We’re the forever innovators. On a mission that goes beyond business. Securing digital ownership in a changing world. Unlocking true freedom. We’re revolutionaries. Looking beyond today. Bridging excellence and pragmatism, with ambition and conviction, to push the limits of what’s possible. That’s what you’ll do here, in this playground of innovation. With leadership and trust, you’ll write the rules of new technology, and create products that redefine security in a digital age. Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in UK, US, Switzerland and Singapore, Ledger has a team of more than 500 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 6 millions units already sold in 200 countries.  As a Third-Party Security Risk Analyst at Ledger, you will play a vital role in protecting our organization and our customers from security risks associated with third-party vendors and partners. You will assess, mitigate, and monitor risks throughout the vendor lifecycle to ensure high-security standards, protect data, and secure systems. Your mission Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls Identify and evaluate security/privacy risks, especially for vendors handling sensitive customer data and critical product supply chain operations. Develop and implement risk mitigation strategies to address identified vulnerabilities Collaborate with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements Monitor vendor performance and compliance with security agreements Contribute to the development and improvement of Ledger's third-party security risk management program Prepare reports and presentations on vendor security risks and mitigation efforts for various stakeholders What we're looking for Degree or equivalent experience in Information Security, Cybersecurity, or a related field Minimum 2 years of experience in areas like audit, risk management, compliance or control function Strong organizational skills to manage multiple projects and document outcomes effectively Familiarity with security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework) Analytical and problem-solving mindset with a proactive approach to challenges Clear and inclusive communication skills for technical and non-technical audiences Experience with security assessment tools and technologies is an asset Knowledge of data privacy regulations (e.g., GDPR, CCPA) Certifications (e.g., CISSP, CISM, CISA) are welcome What’s in it for you Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow Flexibility: A hybrid work policy Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage Well-being: Personal development, coaching & fitness with our dedicated partners Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days High tech: Access to high performance office equipment and gadgets, including Apple products Transport: Ledger reimburses part of your preferred means of transportation Discounts: Employee discount on all our products We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age. Apply for this job When applying, mention the word CANDYSHOP to show you read the job post completely.