Sr. Security Risk Manager

NinjaJobs

  • Burlington, MA
  • Permanent
  • Full-time
  • 2 months ago
This position is hybrid and will be in office three days/week in the following cities:Atlanta, GA - Burlington, MA - Austin, TX - Salt Lake City, UT - McLean, VAThe OpportunityOur client's GRC team within Information Security plays a crucial role in supporting their mission. They ensure they meet their duty of care to their customers, employees, and partners by creating effective governance for upholding internal security policies, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about their internal security program. This role engages regularly with other cross functional teams such as Legal, IT, HR, Sales, Finance and other executive teams.They're looking for a Senior Security Risk Manager to help advance their security risk and third party risk programs, helping them operationalize their risk management program alongside the third party risk program by implementing and managing companywide risk assessments, managing the risk register, and operationalizing a risk methodology that works across the enterprise. Security and third party risk are cross-cutting focus areas that impact all parts of the business, and this manager will be responsible for not only maintaining and fleshing out the existing program, but also seeking out areas in which the program should advance and mature.Your profile:Are you looking for a new opportunity to grow your career in information security, while being hands-on, applying your compliance & governance skills to the client's rapidly maturing company-wide security governance programs? Do you want to have a direct impact on a risk management program?If you've been answering “yes” to these questions, then you might be the person we're looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company.What You’ll Do:
  • Guide and advise other teams on the responsibilities of implementing security controls, policies, and processes across products and corporate environments
  • Build positive relationships with partner teams in Marketing, Legal, Sales, Customer Success, HR, and other teams to continuously improve internal security culture and external awareness of the security program
  • Help create metrics to demonstrate the efficiency and effectiveness of the Security risk program and to inform continuous program improvements
  • Evolve risk management practices to be more transparent, highly efficient, easy for stakeholders to engage with, and centered around objective evidence and data
  • Build data pipelines and metrics (KPIs, KRIs, KCIs) that provide real-time insight into risk posture
  • Develop, streamline, automate, and integrate security review processes (threat modeling, secure design reviews, etc.) and risk management processes (identification assessment analysis reporting)
  • Empower technical teams to efficiently self-serve security review processes, such as threat modeling
  • Identify and assess risk scenarios using qualitative and quantitative methods
  • Co-create risk mitigation and remediation plans with InfoSec and partner team subject matter experts
What You’ll Bring
  • Senior level experience typically gained in 6-8 years working in Security Risk and Third Party Risk
  • Experience with risk assessments and advisory functions
  • Experience with risk rating methodologies
  • Experience recommending mitigating controls and driving risk remediation
  • Experience reporting on risks and program operations to management
  • Expert knowledge of security risk management practices (inc. 3rd party).
  • Ability to operate various security risk management processes & tooling
  • Solid understanding of security risk and control frameworks such as ISO 27001, ISO 27701,NIST SP 800-53, and NIST SP 800-30
  • Solid understanding of cloud security architectures, technologies, and security controls
Additional Qualifications:
  • Required Education / Experience:
  • 6+ years’ experience of related work with management experience, specifically building and running risk and third party risk programs for technology companies
  • Bachelors’ degree in Business, Computer Science, or related field
  • Occasional travel required
Required Certifications / Experience:
  • ISO27001 (supporting certification efforts)
  • SOC2 (supporting certification efforts)
  • Secure Controls Framework (mapping and execution)
  • Information security certification or risk management certifications preferred (CISA, CISM, CRISC, CISSP)
  • Experience building metrics using business intelligence, data analytics, or dashboarding tools (PowerBI)
Preferred Certifications / Experience:
  • Experience using and administering various audit and GRC-focused technology platforms
  • Experience leading enterprise risk management functions
Additional pluses:
  • Market conform salary + success-oriented bonus
  • Total comp package expected to land between 190-230K including base, bonus, and stock
  • Supportive and engaged leadership team
  • 401(k) plan, full benefits package available
  • Company paid Disability and Life Insurance
  • Hybrid work environment

NinjaJobs