Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

Snowflake SENIOR INFORMATION SECURITY GOVERNANCE RISK COMPLIANCE ANALYST - 
United States, California 
345430243

10.09.2024
JOB RESPONSIBILITIES:
  • Ensure relevant cybersecurity risks identified are captured in the risk register and keep it updated with the related information
  • Facilitate risk decomposition (scenario generation) activities with the relevant key stakeholders and document the outcomes
  • Develop a broader understanding of the motives, targets and activities of cyber threat actors and manage threat actor profile for Snowflake
  • Perform cyber risk assessments on new and existing cyber security risks in partnership with risk owners and subject matter experts
  • Analyze cybersecurity risks to determine likelihood and impact to Snowflake business and describe risks in quantitative and qualitative terms
  • Implement a quantitative risk methodology based on FAIR approach and quantify cybersecurity risks in financial terms
  • Develop risk mitigation plan by partnering with the risk and system owners
  • Identify and develop appropriate metrics such as key performance indicators (KPIs) and key risk indicators (KRIs) to measure risks and highlight trends or themes
  • Track and monitor risk mitigation plan activities with metrics and timeline
  • Help make risk-based decisions and trade-offs impacting business strategies
  • Help project prioritization for quarterly planning activities that could mitigate the risks
  • Develop reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
  • Maintain a strong understanding of risk management methodologies and frameworks
  • Educate and build awareness of cybersecurity risk management across the organization
  • Empower key stakeholders and risk owners to use the common risk taxonomy
  • Influence behaviors to reduce cybersecurity risk and foster a strong risk-based culture throughout the organization
  • Assess, evolve, and drive the policy management framework for all Security policies and standards in partnership with Security teams and Security Risk Management
  • Review and make recommendations for streamlining existing and future security policies
  • Appropriately assess control design and effectiveness in order to ensure policy and standard enforcement
  • Create a process and collateral for rolling out new security policies to the whole company
  • Establish, document, and broadly communicate security policy management norms to the Security organization, outlining how to create, maintain, enforce, and deprecate security policies in line with enterprise policy requirements
  • Collaborate within Security Compliance, Product Security, Corporate Security, Legal and other partners to incorporate security and compliance requirements into the security policy framework and track policy implementation and issues
  • Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
  • Partner with Security Analytics team to develop key performance indicators and dashboards to monitor and report on the Security policies
  • Utilize people, process and technology in order to build tightly integrated policy tooling into a broad set of security internal tooling
QUALIFICATIONS:
  • Minimum of 10 years of tactical and operational experience in Governance, Risk and Compliance, or Information Security, with a focus on risk assessments/management
  • Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity.
  • Knowledge and practical experience with the following risk management frameworks: ISO, NIST, and FAIR.
  • Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling.
  • Technical certifications within the area of security and risk are a strong plus (CISSP, CRISC, CISM or equivalent).
  • Knowledge and experience pertaining to:
    • AWS or Azure or GCP (or similar) cloud security and infrastructure
    • Software as a Service (SaaS) applications
    • CI/CD pipeline tools (such Github, Jenkins, etc.)
    • Network infrastructure security
    • Encryption technology and implementation
    • Database security
    • Operating system security
    • Artificial intelligence and machine learning
  • Expert, communicator and writer; you can coach others on their writing skills, you can adapt your communication style for your audience, and you have experience drafting policies, reports, and other written materials for a variety of executive audiences
  • Knowledge of global cybersecurity, technology and data privacy regulatory requirements
  • Experience reporting policy and compliance posture to senior stakeholders
  • Ability to direct cross functional work and hold others accountable to committed deadlines

The following represents the expected range of compensation for this role:

  • The estimated base salary range for this role is $165,000 - $231,000.
  • Additionally, this role is eligible to participate in Snowflake’s bonus and equity plan.