Security Risk Manager

About The Company

e.l.f. Beauty, Inc. stands with every eye, lip, face and paw. Our deep commitment to clean, cruelty free beauty at an incredible value has fueled the success of our flagship brand e.l.f. Cosmetics since 2004 and driven our portfolio expansion. Today, our multi-brand portfolio includes e.l.f. Cosmetics, e.l.f. SKIN, pioneering clean beauty brand Well People, Keys Soulcare, a groundbreaking lifestyle beauty brand created with Alicia Keys and Naturium, high-performance, biocompatible, clinically-effective and accessible skincare.

In our Fiscal year 25, we had net sales of $1 Billion and our business performance has been nothing short of extraordinary with 26 consecutive quarters of net sales growth. We are the #2 mass cosmetics brand in the US and are the fastest growing mass cosmetics brand among the top 5. Our total compensation philosophy offers every full-time new hire competitive pay and benefits, bonus eligibility (200% of target over the last four fiscal years), equity, and a hybrid 3 day in office, 2 day at home work environment. We believe the combination of our unique culture, total compensation, workplace flexibility and care for the team is unmatched across not just beauty but any industry.

Visit our Career Page to learn more about our team: https://www.elfbeauty.com/work-with-us

Position Summary

We are seeking a highly skilled and proactive Security Risk Manager to join our growing security team. You will be responsible for assessing, monitoring, and mitigating information security risks associated with third-party vendors and service providers. This role ensures vendor relationships comply with organizational security policies, industry regulations, and best practices to protect sensitive data and systems

Responsibilities

• Conduct comprehensive security risk assessments internally and of third-party vendors, including cloud providers, SaaS vendors, and IT service providers
• Evaluate internal and third-party security controls, policies, and compliance with frameworks such as NIST, ISO 27001, SOC 2, GDPR, HIPAA, and PCI-DSS
• Perform due diligence reviews, including security questionnaires, audits, and contract reviews
• Identify, document, and prioritize risks related to vendor access, data handling, and system integrations
• Work with procurement and legal teams to ensure security requirements are included in vendor contracts and SLAs
• Prepare risk reports for senior leadership, highlighting key vendor risks and mitigation strategies
• Communicate security expectations to vendors and internal stakeholders
• Maintain a centralized vendor risk repository with up-to-date documentation
• Stay updated on emerging threats, regulatory changes, and industry best practices
• Enhance vendor risk assessment processes and tools for efficiency and effectiveness
• Cross-train team members on risk management principles.
• Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management
  
  
  

Qualifications

• Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related field
• 5+ years of experience in IT risk management, vendor risk assessment, or third-party security evaluations
• Strong knowledge of security frameworks (NIST, ISO 27001, SOC 2, GDPR, etc.)
• Experience with vendor risk assessment tools
• Strong GRC (Governance, Risk, and Compliance) platform knowledge
• Familiarity with cloud security, data privacy laws, and contractual security clauses
• Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders
  
  
  

Minimum Work Experience

• 5
  
  
  

Maximum Work Experience

• 10
  
  
  

This job description is intended to describe the general nature and level of work being performed in this position. It also reflects the general details considered necessary to describe the principal functions of the job identified, and shall not be considered, as detailed description of all the work required inherent in the job. It is not an exhaustive list of responsibilities, and it is subject to changes and exceptions at the supervisors’ discretion.

e.l.f. Beauty respects your privacy. Please see our Job Applicant Privacy Notice (www.elfbeauty.com/us-job-applicant-privacy-notice) for how your personal information is used and shared.