Job description
TL;DR
Security Risk Manager (Cybersecurity): Designing and owning the end-to-end internal security risk management program with an emphasis on quantitative risk frameworks and automated monitoring. Focus on building data-driven risk scoring methodologies, automating risk identification pipelines, and delivering executive-level reporting to inform security investments.
Location: Based in San Francisco office (Hybrid: Mon, Tue, Thu in-office)
Salary: $194,000–$220,000
Company
Asana is a leading platform for human + AI collaboration used by millions of teams worldwide.
What you will do
- Design and mature a quantitative risk framework, including scoring methodologies and impact modeling.
- Maintain the central security risk register and track KRIs to drive accountability for remediation.
- Implement automated data pipelines to surface risks from vulnerability scanners, SIEMs, and cloud security tools.
- Develop executive-level dashboards that communicate security risk in business terms (probability, cost of breach, etc.).
- Partner with Legal, Privacy, Finance, and Engineering to influence security investments and risk awareness.
Requirements
- 7+ years of experience in information security with a strong focus on security risk management and GRC.
- Proven experience building or leading a security risk management program.
- Hands-on expertise with quantitative risk methodologies such as FAIR or statistical risk analysis.
- Experience scripting or building automation to integrate security tooling and data pipelines.
- Deep knowledge of NIST CSF, NIST SP 800-30, ISO 27001, SOC 2, and FedRAMP.
- Must be based in the San Francisco area to support the office-centric hybrid schedule.
Nice to have
- Curiosity and willingness to leverage AI tools to enhance productivity and decision-making.
Culture & Benefits
- Mental health, wellness, and fitness benefits.
- Career coaching and professional development support.
- Inclusive family building benefits.
- Long-term savings or retirement plans.
- In-office culinary options to cater to dietary preferences.