Security Risk Lead

Fastly•Quinte West, ON

3d•Hybrid

About The Position

As the Security Risk Lead, you will be at the center of all things security risk-related. Your goal is to take complex security data and turn it into clear, actionable risk stories for Senior Leadership. You will help Fastly understand not just that risks exist, but influence leaders to understand why it matters and what needs to be prioritized versus dropped. You’ll diagnose problems at the source, working with stakeholders from Security, Engineering, Compliance, and the rest of the organization to redesign our internal systems and make our environment more secure. Fastly believes that security is everyone’s responsibility and you will empower all of Fastly to live up to that responsibility. You will right-size Fastly’s existing security policies and standards so they are as lean and high-performing as our technology. You will be supported by a friendly security team, where you can learn and develop. We check our egos at the door. You’ll make sure our customers benefit from a service built to the highest security standards in the industry. We pride ourselves in our involvement in the larger security community and encourage our team to present at network and security conferences and participate in the open source community. We are a distributed security team with the commitment and tools in place to make it work.

Requirements

6+ years of relevant experience and a Bachelor’s degree in Management Information Systems, Computer Science, or a related field
Proven leadership in security strategy, including influencing organizational direction, and embedding a security-first mindset across teams
Extensive experience dissecting complex environments to find risks that actually matter; ability to communicate technical vulnerabilities in a manner that adequately portrays the magnitude of the risk to technical and non-technical stakeholders
Ability to translate risks into actionable security controls
Working knowledge (either as a control owner or assessor) of various frameworks and industry standards, such as: NIST CSF, ISO 27001, PCI DSS, and OWASP Top 10
Experience crafting security policies and standards that take into account a company’s unique operating environment while still meeting security best practices
Ability to interpret internal security controls and requirements to assess and manage risk associated with third party vendors
Excellent communication and collaboration skills, capable of engaging with both technical teams and non-technical stakeholders at all levels to articulate risks, trade-offs, and security recommendations

Nice To Haves

Experience using governance, risk management, and compliance (GRC) tools preferred

Responsibilities

Lead targeted security risk assessments across the organization, proactively identifying gaps and risks which pose a threat to the safety and security
Analyze risk data to identify patterns of deficiencies and collaborate with Security Architects, Product Owners, Engineering, and Senior Leaders to propose new, or challenge existing, mitigation plans
Own and evolve the systems that track our risk decisions and mitigations; ensuring we have visibility into the greatest areas of concern, where we need to buy down more risk, and to keep our mitigation plans on track with the committed timelines
Oversee relevant Risk Committees to identify and discuss systemic and cross-functional security risks, influencing Senior Leaders across Fastly to commit to mitigation plans
Design metrics and reporting to give Senior Leadership a pulse check on our security posture, highlighting exactly where we need to invest
Maintain Fastly’s core security policies and standards, balancing industry best practices with our risk appetite
Support the assessment and maintenance of our third party risk within Fastly’s vendor landscape