Director, Security, Trust, & Risk

About The Position

Requirements

• Hands-on experience at an enterprise software/SaaS business operating security trust and compliance programs that map to industry frameworks such as: SSAE18 (SOC1 and SOC2), ISO 27001, SOX 404 ITGCs, NIST CSF, 800-53, FedRAMP, & HITRUST.
• Hands-on experience translating framework requirements into practical and testable control objectives.
• Hands-on experience operating technology risk management programs, and applying quantitative risk analysis techniques (FAIR) and structured qualitative risk modeling.
• Strong understanding of modern public cloud and SaaS-based infrastructure, along with assurance automation and evidence collection using cloud APIs.
• Enterprise customer-facing security and trust assurance experience, including stakeholder management.
• Auditing experience through scoping, evidence collection, testing, and remediation.
• Direct experience building and deploying control automations.
• Working knowledge of modern web application architecture, build and release methodologies, incident response, authentication strategies, data encryption, vulnerability management, third-party risk management, and security training.

Responsibilities

• Develop and execute a modern strategy for governance, risk, and compliance that empowers the company’s growth strategy and ambitions.
• Uplift our governance, risk management, and assurance activities through a pragmatic implementation of automation and AI capabilities, championing an “automation first” mindset throughout the organization.
• Build an industry-leading and customer-centric Trust program that leads with transparency. Collaborate with Sales, Marketing, and other functions to strengthen the tools, processes, and documentation required to instill confidence in the world’s largest organizations.
• Translate complex regulatory and customer requirements into comprehensive, practical controls that improve the security and resiliency of our platform.
• Sustain a best-in-class security and compliance posture with regard to key regulatory frameworks, customer requirements, and emerging threat actor tactics. Work closely with GTM to identify and pursue additional security certifications to reinforce Anaplan’s strong security posture and unlock revenue opportunities.
• Use quantitative risk frameworks to pragmatically implement a continuous risk management program that integrates tightly with product development and engineering processes.
• Partner with engineering and product teams to track risk remediation with transparency and accountability.
• Lead external audits with a focus on simplicity, efficiency, and reuse of evidence.
• Work closely with Legal and Sales to review customer contract terms and requirements, ensuring Anaplan can deliver on its commitments in a scalable and cost-effective manner.
• Drive ongoing security awareness training and instill a security-conscious mindset throughout Anaplan.
• Own our third-party risk management (TPRM) program, collaborating with Legal, Privacy, and Procurement to minimize supply chain risk.
• requirements