Information Security Risk Manager
San Francisco, CA, USA | Cloud Communications Company
Industry:Telecommunications & Wireless
Job Description:168 people have viewed this job
Cloud Communications Company Security is a growing team and we’re looking for someone to identify, assess, mitigate, and report on technology risk at Cloud Communications Company.You will lead the Cloud Communications Company technology risk program and scale the program for growth. Your responsibilities will cover executing day to day activities, optimizing the program, and planning for the future.Reporting to the head of Cloud Communications Company Risk Management, this position is critical to ensuring Cloud Communications Company risk posture is maintained.
Cloud Communications Company is looking for a thought leader with a demonstrated track record of analyzing and reporting on technology risk.
You have at least three years of experience with security risk identification, measurement, mitigation, monitoring, and reporting
You have a solid understanding of cloud platforms and emerging information security disciplines (e.g. SaaS security, cloud security, IoT security, etc.).Understanding or experience with telecommunications security is a plus.
You are familiar with industry and compliance standards around cyber risk management (e.g., NIST, ISO 27001)
You have extraordinary organizational, analytical, and problem-solving skills, preferably in a risk context
You have a track record of building and improving existing programs and processes
Degree and/or experience in Management Information Systems, Information Security and/or Computer Science
You have or are willing to obtain a certification such as: CISSP, CISA, CCSP, CCSK, CIPP, PMP, CRISC, CFCP, or CGEIT
Experience working with regulated companies (financial, healthcare, etc), working with risk governance programs, and/or quantifying risk are desirable
As Information Security Risk Manager, you will:
Build the vision, priorities, and plans to quantitatively assess security risks at Cloud Communications Company.
Assess and update risk management policies, frameworks and methodologies.
Design and execute periodic risk & control assessments with a focus on security control efficacy.
Monitor risk management practices to ensure alignment with the desired enterprise risk profile.
Design and report relevant security risk management information to management.
Performs controls testing for high risk areas to identify risk issues and tracks remediation efforts.
Support customer and audit requests, as needed.
Draft and update maturity assessments based on industry frameworks (e.g. NIST CSF)
The security risk team is foundational to the Cloud Communications Company security program.We work closely with the security engineers, compliance analysts, privacy, and engineers.We analyze and provide visibility to security risks to lessen the chance of a data incident.
Cloud Communications Company is a company that is empowering the world’s developers with modern communication in order to build better applications. Cloud Communications Company is truly unique; we are a company committed to your growth, your learning, your development and your entire employee experience.We only win when our employees succeed and we're dedicated to helping you develop your strengths. We invest in weeks dedicated to tackling hard problems and creating your own ideas. We have a cultural foundation built on diversity, inclusion and innovation and we want you and your ideas to thrive at Cloud Communications Company.