Security Risk Management - Program Manager

Information Security - Who We Are

The Information Security (InfoSec) organization advances the overall state of security at Rubrik through critical initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information. 

What You’ll Do

We are looking for a senior information security risk and compliance analyst to be a part of our security risk management team, which focuses on building and supporting a security risk oversight function. Help us elevate and accelerate the maturity of our risk management and compliance capabilities by leading prioritized activities related to our security risk management strategy. The successful candidate will need to build and maintain strong cross-functional relationships across the company. To achieve this you must have excellent leadership, communication, and decision making skills.

Responsibilities:

• Lead the collection and in-depth analysis of security risk data, employing advanced quantitative and qualitative techniques.
• Strategize and implement comprehensive risk analysis frameworks using real-world security data, advanced analytics, and systems automation.
• Regularly document and present sophisticated security risk analyses, fostering collaboration across all organizational levels, including executive leadership.
• Drive the enhancement of the security program, identifying and integrating cutting-edge opportunities to apply advanced security principles and technologies.
• Oversee and evaluate the security configurations of new or existing applications, software, or utilities, providing high-level risk management recommendations.
• Spearhead strategic and technical initiatives, conduct comprehensive Operational Risk Assessments, oversee Risk Acceptance processes, and develop strategic risk posture and remediation plans.
• Monitor, assess, and enhance security measures to protect against advanced threats or hazards to information privacy, security, or integrity.
• Lead the risk and compliance team, building robust cross-functional relationships across the company to achieve consensus, set expectations, and promote continuous process improvement.
• Direct the production and refinement of security governance, risk, and compliance analysis and reporting, ensuring superior content quality and timely delivery.
• Own and lead the remediation of complex technical security and compliance risks with cross-functional teams, orchestrating meetings, assigning and tracking tasks, and generating comprehensive reports.

Preferred Qualifications:

• 7+ years of experience in Information Security Governance, Risk and Compliance (GRC) or relevant high-level compliance roles, preferably in the technology sector.
• Proven leadership in managing comprehensive security and/or operational risk frameworks in organizations with sophisticated risk oversight functions.
• Expertise in designing and operationalizing risk & control assessments, with a deep understanding of various information levels and assessment strategies.
• Proficient in managing risk registers and prioritizing security-related initiatives.
• Capable of designing and executing strategic solutions, operational plans, and roadmaps to achieve organizational goals.
• Experience in implementing and leveraging agile methodologies within a GRC technology framework.
• Demonstrated executive presence, with a track record of representing visions and building consensus among diverse stakeholders.
• Advanced skills in estimating work efforts and fostering team skill development to meet objectives.
• In-depth knowledge of security risks, vulnerabilities, and threats, with the ability to lead discussions on risk treatment and management.
• Comprehensive understanding of prominent information security frameworks, regulatory compliance requirements, and risk management methodologies.
• Expertise in risk quantification, with experience in FAIR or similar models for risk analysis and reporting.
• Advanced proficiency in data analytics and business intelligence tools, along with agile project management platforms.
• Exceptional problem-solving skills, with an ability to grasp the larger context while managing detailed technical issues.
• Quick learner with the capacity to adapt to new technologies and methodologies with minimal transition time.
• Effective communicator, capable of discussing technical and business issues with varied audiences.
• Experience in fast-paced, high-growth environments is desirable.
• Advanced degree in Security, Computer Science, Management Information Systems, or a related field is preferred.
• Experience in SaaS and data management industries is a plus.
• Professional certifications in Information Security or Risk Management (e.g., CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK) are strongly preferred.