Senior Information Security Governance - Risk and Compliance Analyst
To see similar active jobs please follow this link: Remote System Administration jobs
We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration. Snowflake Global Security Compliance and Risk (GSCR) team is focused on ensuring all our Snowflake products and services, and Corporate IT environment are secured, compliant with regulatory requirements and cybersecurity and third-party risks are managed. Our team works cross-functionally with various key stakeholders (Product Security, Engineering, Corporate IT and Security, Legal, Enterprise Risk Management, and Internal Audit). The Senior Cybersecurity Risk and Policy Lead will be a critical and high-impact individual contributor role. This role will be responsible for managing the cybersecurity risks (identifying, assessing, managing, monitoring and communicating cybersecurity risks) and security policies (facilitate development, maintenance, and evolution of the security policy framework, and work with all security teams to implement, manage and track exceptions to policies, standards, and plans over time). Ideal candidates are highly motivated individuals who thrive in fast-paced environments, comfortable with modern technology stacks that leverage the cloud, and who see risk as something to manage pragmatically.
JOB RESPONSIBILITIES:
Ensure relevant cybersecurity risks identified are captured in the risk register and keep it updated with the related information
Facilitate risk decomposition (scenario generation) activities with the relevant key stakeholders and document the outcomes
Develop a broader understanding of the motives, targets and activities of cyber threat actors and manage threat actor profile for Snowflake
Perform cyber risk assessments on new and existing cyber security risks in partnership with risk owners and subject matter experts
Analyze cybersecurity risks to determine likelihood and impact to Snowflake business and describe risks in quantitative and qualitative terms
Implement a quantitative risk methodology based on FAIR approach and quantify cybersecurity risks in financial terms
Develop risk mitigation plan by partnering with the risk and system owners
Identify and develop appropriate metrics such as key performance indicators (KPIs) and key risk indicators (KRIs) to measure risks and highlight trends or themes
Track and monitor risk mitigation plan activities with metrics and timeline
Help make risk-based decisions and trade-offs impacting business strategies
Help project prioritization for quarterly planning activities that could mitigate the risks
Develop reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
Maintain a strong understanding of risk management methodologies and frameworks
Educate and build awareness of cybersecurity risk management across the organization
Empower key stakeholders and risk owners to use the common risk taxonomy
Influence behaviors to reduce cybersecurity risk and foster a strong risk-based culture throughout the organization
Assess, evolve, and drive the policy management framework for all Security policies and standards in partnership with Security teams and Security Risk Management
Review and make recommendations for streamlining existing and future security policies
Appropriately assess control design and effectiveness in order to ensure policy and standard enforcement
Create a process and collateral for rolling out new security policies to the whole company
Establish, document, and broadly communicate security policy management norms to the Security organization, outlining how to create, maintain, enforce, and deprecate security policies in line with enterprise policy requirements
Collaborate within Security Compliance, Product Security, Corporate Security, Legal and other partners to incorporate security and compliance requirements into the security policy framework and track policy implementation and issues
Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
Partner with Security Analytics team to develop key performance indicators and dashboards to monitor and report on the Security policies
Utilize people, process and technology in order to build tightly integrated policy tooling into a broad set of security internal tooling
QUALIFICATIONS:
Minimum of 10 years of tactical and operational experience in Governance, Risk and Compliance, or Information Security, with a focus on risk assessments/management
Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity.
Knowledge and practical experience with the following risk management frameworks: ISO, NIST, and FAIR.
Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling.
Technical certifications within the area of security and risk are a strong plus (CISSP, CRISC, CISM or equivalent).
Knowledge and experience pertaining to:
AWS or Azure or GCP (or similar) cloud security and infrastructure
Software as a Service (SaaS) applications
CI/CD pipeline tools (such Github, Jenkins, etc.)
Network infrastructure security
Encryption technology and implementation
Database security
Operating system security
Artificial intelligence and machine learning
Expert, communicator and writer; you can coach others on their writing skills, you can adapt your communication style for your audience, and you have experience drafting policies, reports, and other written materials for a variety of executive audiences
Knowledge of global cybersecurity, technology and data privacy regulatory requirements
Experience reporting policy and compliance posture to senior stakeholders
Ability to direct cross functional work and hold others accountable to committed deadlines
Every Snowflake employee is expected to follow the company’s confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company’s data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.
About the job
Senior Information Security Governance - Risk and Compliance Analyst
To see similar active jobs please follow this link: Remote System Administration jobs
We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration. Snowflake Global Security Compliance and Risk (GSCR) team is focused on ensuring all our Snowflake products and services, and Corporate IT environment are secured, compliant with regulatory requirements and cybersecurity and third-party risks are managed. Our team works cross-functionally with various key stakeholders (Product Security, Engineering, Corporate IT and Security, Legal, Enterprise Risk Management, and Internal Audit). The Senior Cybersecurity Risk and Policy Lead will be a critical and high-impact individual contributor role. This role will be responsible for managing the cybersecurity risks (identifying, assessing, managing, monitoring and communicating cybersecurity risks) and security policies (facilitate development, maintenance, and evolution of the security policy framework, and work with all security teams to implement, manage and track exceptions to policies, standards, and plans over time). Ideal candidates are highly motivated individuals who thrive in fast-paced environments, comfortable with modern technology stacks that leverage the cloud, and who see risk as something to manage pragmatically.
JOB RESPONSIBILITIES:
Ensure relevant cybersecurity risks identified are captured in the risk register and keep it updated with the related information
Facilitate risk decomposition (scenario generation) activities with the relevant key stakeholders and document the outcomes
Develop a broader understanding of the motives, targets and activities of cyber threat actors and manage threat actor profile for Snowflake
Perform cyber risk assessments on new and existing cyber security risks in partnership with risk owners and subject matter experts
Analyze cybersecurity risks to determine likelihood and impact to Snowflake business and describe risks in quantitative and qualitative terms
Implement a quantitative risk methodology based on FAIR approach and quantify cybersecurity risks in financial terms
Develop risk mitigation plan by partnering with the risk and system owners
Identify and develop appropriate metrics such as key performance indicators (KPIs) and key risk indicators (KRIs) to measure risks and highlight trends or themes
Track and monitor risk mitigation plan activities with metrics and timeline
Help make risk-based decisions and trade-offs impacting business strategies
Help project prioritization for quarterly planning activities that could mitigate the risks
Develop reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
Maintain a strong understanding of risk management methodologies and frameworks
Educate and build awareness of cybersecurity risk management across the organization
Empower key stakeholders and risk owners to use the common risk taxonomy
Influence behaviors to reduce cybersecurity risk and foster a strong risk-based culture throughout the organization
Assess, evolve, and drive the policy management framework for all Security policies and standards in partnership with Security teams and Security Risk Management
Review and make recommendations for streamlining existing and future security policies
Appropriately assess control design and effectiveness in order to ensure policy and standard enforcement
Create a process and collateral for rolling out new security policies to the whole company
Establish, document, and broadly communicate security policy management norms to the Security organization, outlining how to create, maintain, enforce, and deprecate security policies in line with enterprise policy requirements
Collaborate within Security Compliance, Product Security, Corporate Security, Legal and other partners to incorporate security and compliance requirements into the security policy framework and track policy implementation and issues
Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
Partner with Security Analytics team to develop key performance indicators and dashboards to monitor and report on the Security policies
Utilize people, process and technology in order to build tightly integrated policy tooling into a broad set of security internal tooling
QUALIFICATIONS:
Minimum of 10 years of tactical and operational experience in Governance, Risk and Compliance, or Information Security, with a focus on risk assessments/management
Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity.
Knowledge and practical experience with the following risk management frameworks: ISO, NIST, and FAIR.
Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling.
Technical certifications within the area of security and risk are a strong plus (CISSP, CRISC, CISM or equivalent).
Knowledge and experience pertaining to:
AWS or Azure or GCP (or similar) cloud security and infrastructure
Software as a Service (SaaS) applications
CI/CD pipeline tools (such Github, Jenkins, etc.)
Network infrastructure security
Encryption technology and implementation
Database security
Operating system security
Artificial intelligence and machine learning
Expert, communicator and writer; you can coach others on their writing skills, you can adapt your communication style for your audience, and you have experience drafting policies, reports, and other written materials for a variety of executive audiences
Knowledge of global cybersecurity, technology and data privacy regulatory requirements
Experience reporting policy and compliance posture to senior stakeholders
Ability to direct cross functional work and hold others accountable to committed deadlines
Every Snowflake employee is expected to follow the company’s confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company’s data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.