"Tell me about a time you had to assess the security risk of a third-party API or integration before it was allowed to access sensitive internal data. Walk me through how you evaluated it, how you handled pressure from stakeholders who wanted it approved quickly, and what decision you made in the end."
