Sr. Security Risk Manager
NinjaJobs
- Burlington, MA
- Permanent
- Full-time
- Guide and advise other teams on the responsibilities of implementing security controls, policies, and processes across products and corporate environments
- Build positive relationships with partner teams in Marketing, Legal, Sales, Customer Success, HR, and other teams to continuously improve internal security culture and external awareness of the security program
- Help create metrics to demonstrate the efficiency and effectiveness of the Security risk program and to inform continuous program improvements
- Evolve risk management practices to be more transparent, highly efficient, easy for stakeholders to engage with, and centered around objective evidence and data
- Build data pipelines and metrics (KPIs, KRIs, KCIs) that provide real-time insight into risk posture
- Develop, streamline, automate, and integrate security review processes (threat modeling, secure design reviews, etc.) and risk management processes (identification, assessment, analysis, reporting)
- Empower technical teams to efficiently self-serve security review processes, such as threat modeling
- Identify and assess risk scenarios using qualitative and quantitative methods
- Co-create risk mitigation and remediation plans with InfoSec and partner team subject matter experts
- Senior level experience typically gained in 6-8 years working in Security Risk and Third Party Risk
- Experience with risk assessments and advisory functions
- Experience with risk rating methodologies
- Experience recommending mitigating controls and driving risk remediation
- Experience reporting on risks and program operations to management
- Expert knowledge of security risk management practices (including third party)
- Ability to operate various security risk management processes & tooling
- Solid understanding of security risk and control frameworks such as ISO 27001, ISO 27701, NIST SP 800-53, and NIST SP 800-30
- Solid understanding of cloud security architectures, technologies, and security controls
- Required Education / Experience:
- 6+ years' experience in related work with management experience, specifically building and running risk and third party risk programs for technology companies
- Bachelor's degree in Business, Computer Science, or related field
- Occasional travel required
- ISO27001 (supporting certification efforts)
- SOC2 (supporting certification efforts)
- Secure Controls Framework (mapping and execution)
- Information security certification or risk management certifications preferred (CISA, CISM, CRISC, CISSP)
- Experience building metrics using business intelligence, data analytics, or dashboarding tools (PowerBI)
- Experience using and administering various audit and GRC-focused technology platforms
- Experience leading enterprise risk management functions
- Market conform salary + success-oriented bonus
- Total comp package expected to land between 190-230K including base, bonus, and stock
- Supportive and engaged leadership team
- 401(k) plan, full benefits package available
- Company paid Disability and Life Insurance
- Hybrid work environment