21 Apr
Sr Security GRC Program Manager - Risk Management
Atlanta, Georgia 30301, USA

Vacancy expired!

Job Description

What You’ll Do

We are growing our Risk / Issue Oversight & Treatment team. You will be responsible for maintaining and helping to mature our risk register and issue management programs, which enable all security-related projects to reach and manage informed decisions about their security risks. You will ensure that risks are actively identified, centrally registered, and consistently and thoroughly assessed, that stakeholders reach consensus on the criticality of each risk, and that every risk leads to an informed treatment decision. You will help design and implement efficient processes to monitor and report on the current state of our security risk posture. You will serve as a trusted advisor within Information Security and to our risk-adjacent partners, including Engineering, Product, Finance, Internal Audit, Legal, Privacy, and Strategy & Operations teams. Together, your contributions will also help drive a stronger culture of risk ownership, accountability and awareness across the company, and help meet broader enterprise risk management objectives.

As a Sr Security GRC Program Manager, you will:

  • Contribute to building and operating our risk register and issue management programs, and help keep our toolkit and procedures up to date as needed.

  • Actively engage with several security workflows to ensure that relevant risks are identified, centrally registered and tracked following a consistent procedure, that risk treatment decisions are agreed with the risk owners and regularly monitored, and that the results are reported to leadership.

  • Support or lead risk mitigation or risk acceptance conversations and help stakeholders reach a common understanding of the risks and tradeoffs, and a defined plan to either mitigate or accept the risk(s).

  • Develop regular risk metrics, dashboards, and reporting

  • Perform risk analysis to identify risk trends / behaviors and perform data quality checks of our risk/issue data to ensure data integrity.

  • Conduct and promote performing root cause analysis of identified risks / issues to ensure mitigation recommendations are adequate

  • Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our risk management processes

  • Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure adequate security controls are in place to manage risk and are aligned with leading best practices

  • Help various parts of the company adopt a common risk management process. This may include joining other Security GRC projects (e.g., Third Party Risk Management, M&A Due Diligence, Risk & Compliance Assessments) or other projects adjacent to our Security GRC program objectives.

  • Keep up with relevant regulation, emerging threats, forecasts, policies and best practices, and maintain a mindset of constant innovation to consider possibilities in advancing our risk management framework

Qualifications

Who You Are

  • A critical problem solver, detail-oriented, and highly motivated self-starter with a passion for constant learning & improvement

  • Able to communicate relevant information clearly and concisely, both verbally and in writing

  • Able to work efficiently with minimal oversight/direction and collaborate effectively on cross-functional projects

  • Have technical security knowledge of common risks, vulnerabilities, and threats, and solid experience guiding these issues through risk analysis, treatment and mitigation processes

  • Adept at communicating risks and issues clearly and concisely to both technical and non-technical audiences

  • Willing to advocate for the security of Twitter users and communicate why security decisions are important to other internal teams

  • Have good people skills and be able to flourish under pressure and ambiguity in a fast-paced team environment

Requirements

  • Bachelor's degree in Information Security, Computer Science, Management Information Systems or a related field preferred

  • Minimum of 6 years of related work experience building or operating programs to mitigate risks to security, confidentiality, integrity, availability, and privacy. Prior experience in Information Security, Governance, Risk or Compliance, or relevant Audit / Assessment functions preferred

  • Demonstrated success on a security / operational risk management team at large, complex organizations with a mature risk oversight function, including direct experience conducting and analyzing security risk assessments

  • Strong knowledge of relevant information security frameworks, including related regulatory compliance requirements, such as ISO 27001 / ISO 27002, SOC 2 Trust Services Criteria, PCI DSS, GDPR, NIST Cybersecurity Framework (CSF) / SP 800-53, CIS Critical Security Controls

  • Strong knowledge of audit and risk management methodologies and frameworks, such as SOX, COBIT, NIST RMF / SP 800-37 / SP 800-30, FAIR

  • Relevant professional certifications in Information Security or Governance, Risk and Compliance are a plus, such as CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK

  • Proficient with Atlassian products, G Suite applications, and GRC tools such as RSA Archer / ServiceNow / MetricStream

  • Proficient with reporting tools such as Tableau and Google Data Studio

Additional Information

All your information will be kept confidential according to EEO guidelines.

Here’s all the legal good stuff: We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status, or any other legally protected status.

San Francisco applicants: pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Notice (Colorado Equal Pay for Equal Work Act)

The expected salary range for this role to be performed in Colorado is USD $157,000.00 - USD $220,000.00. Starting pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. This range may be modified in the future.

This job is also eligible for participation in Twitter's Performance Bonus Plan and Equity Incentive Plan, subject to the terms of the applicable plans and policies. Twitter offers a wide range of benefits to U.S.-based employees, including medical, dental, and vision insurance, a 401(k) program with employer match, and generous time off for vacation, sick time, and parental leave. Twitter's benefits prioritize employee wellness and progressive support for our diverse workforce.
