Security Engineer

Riot Games is seeking a dedicated and detail-oriented Security Engineer to join the Riot Information Security team. In this role, you will be responsible for managing the security posture of our third-party vendors and partners, ensuring that they meet Riot’s security standards and industry best practices. As vendor ecosystems grow more complex and critical to business operations, this position plays a key role in protecting the confidentiality, integrity, and availability of Riot’s data and services. You will have a meaningful role on the InfoSec team and the opportunity to develop professionally in a collaborative environment.

Responsibilities:

• Conduct daily security assessments of new and existing vendors.
• Collaborate with Procurement, Legal, and business stakeholders to ensure security is integrated throughout the vendor lifecycle.
• Maintain and enforce vendor certification assessment (VCA) processes, including documentation, reviews, and follow-ups.
• Conduct risk analyses based on vendor-provided documentation (e.g., certifications, security policies).
• Track remediation efforts and ensure vendors address identified security gaps in a timely manner.
• Support on other security initiatives and daily works.

Required Qualifications:

• Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field (or equivalent experience).
• 2+ years of experience in vendor risk management, third-party security, or a related security role.
• Familiarity with common security frameworks and standards such as ISO 27001, MLPS, CSL, etc.
• Understanding of information security principles, especially in the context of third-party risk.
• Excellent communication and interpersonal skills, with the ability to work cross-functionally.
• Detail-oriented, self-driven, and comfortable managing multiple priorities.
• Proficient reading and writing skills in English.

Desired Qualifications:

• Experience working in the gaming industry or technology sector.
• Professional certifications such as CISSP, CISA are a plus.
• Experience using vendor risk management platforms or GRC tools.