Cyber Risk Manager
Job Summary
As a Cyber Risk Manager at EDB you report directly to the Director of Information Risk and are a trusted member of the CISO staff. Your role leads the transformation of the security controls that help drive business growth and reduce downside information risks. You work closely with peers and stakeholders to clearly articulate technical objectives and implementation requirements for the internal security program and product capabilities. You are responsible for understanding multiple security frameworks, translating objectives, and partnering with stakeholders on control design, implementation, and other security initiatives. EDB is embarking on a large transformation of the security program for which you will be a leading voice of change for the business.
The ideal candidate must be comfortable working in a global environment that supports flexible work schedules and a distributed security model. Whether you are looking to expand autonomy in your role, build a new security foundation, or just need a change of pace, this role is for you!
Candidate Note: This role is 100% remote. We are targeting candidates located in the United States.
What your impact will be:
Perform information risk assessments using EDB’s common control framework, procedures, and policies against a combination of infrastructure, development, and business domains
Define technical security requirements for new products, features, and internal controls ensuring they meet industry standards and address key customer security risks.
Collaborate effectively with cross-functional teams, including product, engineering, marketing, and legal, to ensure security is integrated throughout the organization.
Identify key security challenges and opportunities related to our program and establish a strategic roadmap to address them.
Serve as an expert on security frameworks and objectives by assisting owners as they define new control activities, procedures and implementation
Partner with Information Security Program Management on the roadmap and execution of key security initiatives across EDB’s business units
Identify issues with current and future control implementations with the ability to communicate with an emphasis on collaboration and action
Evaluate third-party risk found in new products, integrations, and services introduced into the EDB portfolio, and perform ongoing evaluation of suppliers
Continuously improve operational risk management practices with engineering teams to assist with prioritization of security debt
Support enterprise risk management practices and drive strategic mitigation planning
What you will bring:
Extensive experience conducting technical security control analysis within regulated environments
Past responsibility for managing cyber threats and vulnerabilities, with the ability to translate them into business impacts
Ability to perform qualitative and quantitative analysis of risks, including mitigating action plans
Experience assessing technical footprints found within both on-prem and cloud environments
Strong experience with auditing security objectives of one or more of the following: SOC2, PCI, HIPAA, SSDF, FedRAMP (800-53), ISO 27001
Effective communication skills with the ability to translate technical concerns into business risk impacts
Personal management of multiple projects, security events and incidents as required for the role
Seek to understand, and lead with a collaboration-first approach
What will give you an edge:
Deep knowledge of the MITRE ATT&CK Framework, attack chains and attack path mapping
Familiarity with Open FAIR or other quant-based cyber risk methodologies
Deep understanding of security frameworks such as NIST CSF, ISO 27001, SOC2, HIPAA, SSDF and FedRAMP
Minimum of 5 years of experience in product security or a related field.
Proven track record of developing and implementing successful security strategies
Strong understanding of secure coding practices, threat modeling, and vulnerability management
Experience working in a fast-paced, agile environment.
Relevant security certifications (e.g., CISSP, CISM) preferred