Sr. Principal Risk Analyst
Notion Labs
- San Francisco, CA; New York City, NY
- $160,000-215,000 per year
- Permanent
- Full-time
- Help mature and scale our Security GRC program based on industry best practices for some or all of the following functions, including Risk Management and Business Continuity
- Implement and manage scalable processes and procedures for security risk lifecycle management, risk assessments and remediation monitoring
- Develop metrics related to the risk program and the organization's overall risk posture for leadership- and board-level reporting
- Lead effective implementation of security risk management controls to retain SOC2 Type II, ISO 27001, HIPAA, and other certifications that demonstrate assurance internally and externally
- Work with business stakeholders to develop a roadmap for business continuity using a risk-based approach
- Organize and lead a steering committee targeted at reducing and managing Notion's security risk posture
- Security Assessment Expertise: You have experience working with various stakeholders to review and help improve their current processes through assessments or other tools.
- Pragmatic and business-oriented: You care about business impact and prioritize projects accordingly; you understand the risks and balance the right security investments with the right bottom-line outcomes.
- Empathetic communication: You communicate nuanced ideas clearly, whether you're explaining compliance requirements in writing or brainstorming in real time. When building consensus, you engage thoughtfully with other perspectives and compromise when needed.
- Team player: For you, work isn't a solo endeavor. You enjoy collaborating cross-functionally to accomplish shared goals, and you care about learning, growing, and helping others to do the same.
- With a minimum of 5-7 years of experience, you may have one or more of the following: CISSP, CISA, CRISC, CIPP
- You have experience in implementing security risk management processes and frameworks (like NIST CSF, FAIR, COSO ERM, ISO 31000).
- You have experience in creating tactical and strategic risk metrics for driving visibility and action towards security risk remediations.
- You have a good understanding of how AI can impact security frameworks and can articulate its risks and benefits.
- You are experienced in developing a Business Continuity Program, including: Risk Assessment, Business Impact Assessment, Recovery Procedure Planning, Tabletop Exercises, etc.
- You've managed, maintained, and monitored GRC tools.
- You've been responsible for maintaining continuous controls and participating in audits in relation to our customer-facing certifications (like SOC2, ISO).
- You have experience leading projects from start to finish across multiple teams and time zones.