SR. MANAGER, IT RISK & COMPLIANCE

At Elastic, we see endless possibility in a world of endless data. And we use the power of search to help people and organizations turn that possibility into results. Elastic is the leading platform for search-powered solutions. With solutions in Enterprise Search, Observability, and Security, we help improve customer and employee search experiences, keep critical applications running smoothly, and protect against cyber threats. Elastic enables thousands of organizations worldwide to use the power of Elastic, including Netflix, Uber, BBC, Microsoft, and thousands of others.Elastic was built on a foundation of being free and open, which trickles down to how we work. We're a distributed organization and have been from the beginning. Being distributed isn't just a way of doing business-it's a mentality that is at the core of our culture.Business Systems OverviewWe are looking for a Sr. Manager, IT Risk & Compliance, to join the team. You will lead the Risk & Compliance team to help ensure the IT organization is effectively managing risk associated with its normal functions. The ideal candidate is a cross-functional, value-add partner who leverages their expertise in risk management and oversight. This role will enable you to work across both internal and external audit, as well as within compliance and risk organizations to ensure our current controls provide confidence to customers and partners. This position offers a balance of creating and evolving the internal IT processes, as well influencing and partnering with internal/external organizations. Further, you will have the opportunity to define the roles, responsibilities and processes that IT manages within compliance.What You Will Be Doing:IT Audit Support:Being IT's primary point of contact for Internal Audit, External Audit, and InfoSec Assurance/Risk. This collaboration involves the strategic alignment of audit related approaches, standards, decisions, requests, and assisting with evidence collection.Preparing IT stakeholders for meetings with auditors, including walkthroughsOngoing monitoring, testing, and assistance with SOX related matters such as SDLC testing, control design consultations, and remediation activities.Reviewing control testing workpapers and ensure support and conclusions are well documented in accordance with standardsCentrally coordinating distributed controls such as periodic user access reviews.Maintaining control narratives and assisting with process documentationIT Risk Management:Third-party assurance and risk management including SOC/bridge letter report collection and collaboration with InfoSec's third party risk programTracking and prioritizing control gaps/weaknesses. Presenting analysis findings to propose process improvements that will strengthen the internal control environment while increasing efficiency and effectivenessGuidance around technical best practices and risk mitigation strategiesAutomation and real-time monitoring of risk management activities, such as enhancing the efficiency and effectiveness of risk monitoring efforts through automation, compliance-as-code, and use of Elastic's own technology stackAnalyzing a range of IaaS, SaaS, and PaaS instances for risk optimizationControl/risk education For full info follow application link.Different people approach problems differently. We need that. Elastic is committed to diversity as well as inclusion. We are an equal opportunity employer and committed to the principles of affirmative action. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. If you require any reasonable accessibility support, please complete our Candidate Accessibility Request Form.