Security Risk Management Specialist

Cloudflare is hiring for the role of  Security Risk Management Specialist!

Responsibilities of the Candidate:

• Support the governance process for the security risk register. This includes: 
  • Reviewing, triaging, and rating new risks and policy exceptions 
  • Keeping the risk register and dependencies up to date (e.g. Control Framework)
  • Working with risk owners to document risk treatment plans 
  • Reviewing evidence submitted by the business to mitigate or close risks 
  • Re-reviewing accepted risks and exceptions periodically
• Drafting status updates and updating risk metrics for leadership 
• Maintaining process documentation and risk register tooling
• Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, London, Lisbon, or other global Cloudflare locations.

Requirements:

• Experience typically gained in 2-5 years working in Security Governance, Risk, and Compliance 
• Experience conducting risk and controls assessments 
• Experience managing risk findings and recommending mitigating controls
• Experience drafting risk reports and reporting program metrics to management
• Solid understanding of security control frameworks such as SOC 2, ISO 27001, PCI DSS, and NIST SP 800-53
• Understanding of risk rating methodologies such as NIST SP 800-30 and ISO 31000
• Understanding of on-prem & cloud architectures and security controls 
• Experience with data analytics and dashboarding tools such as Tableau, Looker Studio or Power BI is a plus
• Strong analytical and interpersonal skills
• Self-starter with the ability to work independently with a sense of curiosity.