Snowflake is looking for a Senior Security Risk Analyst to join our Global Security Compliance & Risk team and help manage and improve on the existing program for assessing the risk of third party tools and services in use by Snowflake. You will be responsible for managing the intake process, working with constituents to collect the required information, collecting all necessary details to understand the use case for each tool or service, and reviewing the required documentation and evidence to meet the security controls required based on the use case. You will help identify and manage Third Party security risk to protect Snowflake assets.
, YOU WILL:
- Perform ongoing third party security risk assessments to help Snowflake identify and evaluate security risks
- Support and monitor remediation efforts of identified gaps, perform remediation audit to validate the closure
- Review and process incoming requests for security assessment of new products and services
- Review all evidence provided to compare vendor security controls to Snowflake data protection requirements
- Assess and manage security findings from various vendor security monitoring systems
- Develop and improve security documentation
- Work cross-functionally to ensure team objectives are achieved
- Take risk-based approach to review security agreement
- Measure effectiveness of the program and ensure SLA is met
WILL HAVE:
- 6+ years of experience in security compliance role with 3+ years previous experience in third party security risk
- Understanding of a broad set of security best practices (e.g., application security, secure software development lifecycles, risk management, data protection, encryption & key management, identity and access management, security operations, security governance, network security, etc.) and technologies
- Flexibility to work during different time zones
- Exceptional communication skills, including perfect written English
- Familiarity with PCI-DSS, HIPAA, SOC1, SOC2, GDPR, and/or ISO standards and frameworks
- Previous role that requires exceptional organizational skills. Ability to analyze, organize and prioritize multiple tasks and meet deadlines
- Technical competence sufficient to understand and explain complicated security concepts to various Snowflake stakeholders possessing varying levels of cybersecurity skill and understanding
- Self-motivated problem solver who is comfortable engaging with high paced and complex environment
- Work independently as well as collaboratively within a team environment. Ability to translate ambiguous directives into relevant action items and deliverables
- Ability to think strategically and plan effectively, with attention to details and a strong ownership ethic and intense focus on accuracy and accountability
- Extremely high ethical standards as proven by successful background checks and references
- Previous experience working with a variety of personalities from a variety of cultures
BONUS POINTS FOR EXPERIENCE WITH THE FOLLOWING:
- Proficiency in use of JIRA, Confluence, and ServiceNow
- Proven experience in reviewing and negotiating security agreements
- Security certification, such as CISSP, CCSP, CISA, Security+
- AWS, Azure, Google Cloud, or other major Cloud Provider experience