SENIOR INFORMATION SECURITY GOVERNANCE, RISK AND COMPLIANCE ANALYST

Snowflake ComputingMenlo Park, CA
299d$198,000 - $303,600
Match Resume

About The Position

Build the future of the AI Data Cloud. Join the Snowflake team. We're at the forefront of the data revolution, committed to building the world's greatest data and applications platform. Our ‘get it done' culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration. Snowflake Global Security Compliance and Risk (GSCR) team is focused on ensuring all our Snowflake products and services, and Corporate IT environment are secured, compliant with regulatory requirements and cybersecurity and third-party risks are managed. Our team works cross-functionally with various key stakeholders (Product Security, Engineering, Corporate IT and Security, Legal, Enterprise Risk Management, and Internal Audit). The Senior Cybersecurity Risk and Policy Lead will be a critical and high-impact individual contributor role. This role will be responsible for managing the cybersecurity risks (identifying, assessing, managing, monitoring and communicating cybersecurity risks) and security policies (facilitate development, maintenance, and evolution of the security policy framework, and work with all security teams to implement, manage and track exceptions to policies, standards, and plans over time). Ideal candidates are highly motivated individuals who thrive in fast-paced environments, comfortable with modern technology stacks that leverage the cloud, and who see risk as something to manage pragmatically.

Requirements

  • Minimum of 10 years of tactical and operational experience in Governance, Risk and Compliance, or Information Security, with a focus on risk assessments/management
  • Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity
  • Knowledge and practical experience with the following risk management frameworks: ISO, NIST, and FAIR
  • Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling
  • Technical certifications within the area of security and risk are a strong plus (CISSP, CRISC, CISM or equivalent)
  • Knowledge and experience pertaining to AWS or Azure or GCP (or similar) cloud security and infrastructure
  • Experience with Software as a Service (SaaS) applications
  • Familiarity with CI/CD pipeline tools (such Github, Jenkins, etc.)
  • Understanding of network infrastructure security, encryption technology and implementation, database security, and operating system security
  • Knowledge of artificial intelligence and machine learning
  • Expert communicator and writer; ability to coach others on their writing skills and adapt communication style for different audiences
  • Knowledge of global cybersecurity, technology and data privacy regulatory requirements
  • Experience reporting policy and compliance posture to senior stakeholders
  • Ability to direct cross functional work and hold others accountable to committed deadlines

Responsibilities

  • Ensure relevant cybersecurity risks identified are captured in the risk register and keep it updated with the related information
  • Facilitate risk decomposition (scenario generation) activities with the relevant key stakeholders and document the outcomes
  • Develop a broader understanding of the motives, targets and activities of cyber threat actors and manage threat actor profile for Snowflake
  • Perform cyber risk assessments on new and existing cyber security risks in partnership with risk owners and subject matter experts
  • Analyze cybersecurity risks to determine likelihood and impact to Snowflake business and describe risks in quantitative and qualitative terms
  • Develop risk mitigation plan by partnering with the risk and system owners
  • Identify and develop appropriate metrics such as key performance indicators (KPIs) and key risk indicators (KRIs) to measure risks and highlight trends or themes
  • Track and monitor risk mitigation plan activities with metrics and timeline
  • Help make risk-based decisions and trade-offs impacting business strategies
  • Help project prioritization for quarterly planning activities that could mitigate the risks
  • Develop reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
  • Maintain a strong understanding of risk management methodologies and frameworks
  • Educate and build awareness of cybersecurity risk management across the organization
  • Empower key stakeholders and risk owners to use the common risk taxonomy
  • Influence behaviors to reduce cybersecurity risk and foster a strong risk-based culture throughout the organization
  • Assess, evolve, and drive the policy management framework for all Security policies and standards in partnership with Security teams and Security Risk Management
  • Review and make recommendations for streamlining existing and future security policies
  • Appropriately assess control design and effectiveness in order to ensure policy and standard enforcement
  • Create a process and collateral for rolling out new security policies to the whole company
  • Establish, document, and broadly communicate security policy management norms to the Security organization, outlining how to create, maintain, enforce, and deprecate security policies in line with enterprise policy requirements
  • Collaborate within Security Compliance, Product Security, Corporate Security, Legal and other partners to incorporate security and compliance requirements into the security policy framework and track policy implementation and issues
  • Manage the Security Policy Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
  • Partner with Security Data Analytics team to develop key performance indicators and dashboards to monitor and report on the Security policies
  • Utilize people, process and technology in order to build tightly integrated policy tooling into a broad set of security internal tooling

Benefits

  • Medical, dental, vision, life, and disability insurance
  • 401(k) retirement plan
  • Flexible spending & health savings account
  • At least 12 paid holidays
  • Paid time off
  • Parental leave
  • Employee assistance program
  • Other company benefits

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Senior

Industry

Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

Education Level

Bachelor's degree

Job Search Resources

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service