The point where experts and best companies meet
Snowflake SENIOR INFORMATION SECURITY GOVERNANCE RISK COMPLIANCE ANALYST - United States, California 679426023
10.09.2024
Share
JOB RESPONSIBILITIES:
- Ensure relevant cybersecurity risks identified are captured in the risk register and keep it updated with the related information
- Facilitate risk decomposition (scenario generation) activities with the relevant key stakeholders and document the outcomes
- Develop a broader understanding of the motives, targets and activities of cyber threat actors and manage threat actor profile for Snowflake
- Perform cyber risk assessments on new and existing cyber security risks in partnership with risk owners and subject matter experts
- Analyze cybersecurity risks to determine likelihood and impact to Snowflake business and describe risks in quantitative and qualitative terms
- Implement a quantitative risk methodology based on FAIR approach and quantify cybersecurity risks in financial terms
- Develop risk mitigation plan by partnering with the risk and system owners
- Identify and develop appropriate metrics such as key performance indicators (KPIs) and key risk indicators (KRIs) to measure risks and highlight trends or themes
- Track and monitor risk mitigation plan activities with metrics and timeline
- Help make risk-based decisions and trade-offs impacting business strategies
- Help project prioritization for quarterly planning activities that could mitigate the risks
- Develop reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
- Maintain a strong understanding of risk management methodologies and frameworks
- Educate and build awareness of cybersecurity risk management across the organization
- Empower key stakeholders and risk owners to use the common risk taxonomy
- Influence behaviors to reduce cybersecurity risk and foster a strong risk-based culture throughout the organization
- Assess, evolve, and drive the policy management framework for all Security policies and standards in partnership with Security teams and Security Risk Management
- Review and make recommendations for streamlining existing and future security policies
- Appropriately assess control design and effectiveness in order to ensure policy and standard enforcement
- Create a process and collateral for rolling out new security policies to the whole company
- Establish, document, and broadly communicate security policy management norms to the Security organization, outlining how to create, maintain, enforce, and deprecate security policies in line with enterprise policy requirements
- Collaborate within Security Compliance, Product Security, Corporate Security, Legal and other partners to incorporate security and compliance requirements into the security policy framework and track policy implementation and issues
- Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
- Partner with Security Analytics team to develop key performance indicators and dashboards to monitor and report on the Security policies
- Utilize people, process and technology in order to build tightly integrated policy tooling into a broad set of security internal tooling
- Minimum of 10 years of tactical and operational experience in Governance, Risk and Compliance, or Information Security, with a focus on risk assessments/management
- Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity.
- Knowledge and practical experience with the following risk management frameworks: ISO, NIST, and FAIR.
- Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling.
- Technical certifications within the area of security and risk are a strong plus (CISSP, CRISC, CISM or equivalent).
- Knowledge and experience pertaining to:
- AWS or Azure or GCP (or similar) cloud security and infrastructure
- Software as a Service (SaaS) applications
- CI/CD pipeline tools (such Github, Jenkins, etc.)
- Network infrastructure security
- Encryption technology and implementation
- Database security
- Operating system security
- Artificial intelligence and machine learning
- Expert, communicator and writer; you can coach others on their writing skills, you can adapt your communication style for your audience, and you have experience drafting policies, reports, and other written materials for a variety of executive audiences
- Knowledge of global cybersecurity, technology and data privacy regulatory requirements
- Experience reporting policy and compliance posture to senior stakeholders
- Ability to direct cross functional work and hold others accountable to committed deadlines
The following represents the expected range of compensation for this role:
- The estimated base salary range for this role is $165,000 - $231,000.
- Additionally, this role is eligible to participate in Snowflake’s bonus and equity plan.
These jobs might be a good fit
