Cybersecurity Risk Manager

Sorry, this job was removed at 03:45 p.m. (CST) on Monday, Jun 24, 2024
Hiring Remotely in NM
Remote
Internship
Blockchain • eCommerce • Fintech • Payments • Software • Financial Services • Cryptocurrency
Our purpose is economic empowerment.
The Role

Company Description
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams - People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more - provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
Job Description
The Security Governance, Risk and Compliance (GRC) team collaborates with cross-functional teams (Engineering, Industry Relations, Security, Counsel, PMO and Product teams) to ensure Block products can launch anywhere in the world, while managing cybersecurity risk and maintaining compliance with industry, partner, and regulatory information security standards, requirements, and obligations. As a Cybersecurity Risk Manager, you will play a key role in the execution of Block's Cybersecurity Risk Governance program which entails cybersecurity risk management, security issue governance, and common controls governance.
You will report to the Cybersecurity Risk Governance Lead and collaborate with teams across Block to operate the cybersecurity risk management program for all business units (BUs) in order to enable Block to take principled risks. This is a second line of defense role focused on cybersecurity risk management.
You will:

  • Lead ongoing and periodic risk assessment exercises, including deep-dive risk assessments into engineering design, implementation, and operation, implementation, and operation of complex products, services, infrastructure and architectures
  • Develop an approach to automate risk data and signal collection, enrichment, and translation from multiple disparate sources across Block
  • Collaborate with cross-functional 1st-line teams (engineering, product, others) to provide security risk analysis and consultation to integrate risk scenarios and treatment into product lifecycle
  • Develop periodic risk highlight reports for senior executives to aid awareness and risk-informed decision making
  • Work with stakeholders to manage the prioritization and execution of risk-reduction activities across BUs
  • Provide domain and subject matter expertise in partnership with engineering teams towards the creation of effective risk-related governance documentation
  • Influence and contribute to the evolution of the current risk management program
  • Improve and optimize existing risk assessment practices that monitor cybersecurity risks across all Business Units, using both quantitative and qualitative methodologies
  • Develop and prepare risk and control metrics, reports & executive dashboards
  • Proactively work to balance the needs of the 1st-line business teams and the need for regulatory compliance
  • Drive risk mitigation and control improvement actions identified from various security and risk management initiatives
  • Support the maturation of various 2nd line of defense security functions
  • Work with stakeholders to conduct in-depth research on in-house systems, services, and infrastructure in order to provide accurate and objective risk management advisory
  • Support the creation of governance documentation and technical specification based on internal policies, procedures, best practices, standards, and frameworks to support risk management, compliance, and audit efforts
  • Partner with stakeholders in the development of relevant security governance processes based on sound risk assessment exercises
  • Support the adoption, evolution, and continuous improvement of a GRC program


Qualifications
You have:

  • 8+ years of experience in developing, managing & supporting Cybersecurity Risk programs for technology-focused companies
  • Strong technical background with deep knowledge of enterprise infrastructure, systems engineering, security infrastructure and controls
  • Experience in setting up and leading the implementation of information systems governance standards and frameworks, including automating GRC processes
  • Experience in integrating cybersecurity risk management and control frameworks
  • Experience working extensively with GRC solutions, tools, platforms and ERM processes
  • Familiarity with using data visualization tools with the ability to develop risk and control charts, dashboards, and reports
  • Experience with leading the implementation/adoption of industry security, audit, and privacy standards, frameworks, and regulations (e.g., NIST RMF, ISO27001, PCI DSS, GDPR, COBIT, AICPA Trust Principles (SOC 2/3), NIST CSF, CCPA, SCF)
  • Relevant Industry certifications (e.g., MoR, CISSP, CRISC, CISA, CISM)


Qualifications
You have:

  • 8+ years of experience in developing, managing & supporting Cybersecurity Risk programs for technology-focused companies
  • Strong technical background with deep knowledge of enterprise infrastructure, systems engineering, security infrastructure and controls
  • Experience in setting up and leading the implementation of information systems governance standards and frameworks, including automating GRC processes
  • Experience in integrating cybersecurity risk management and control frameworks
  • Experience working extensively with GRC solutions, tools, platforms and ERM processes
  • Familiarity with using data visualization tools with the ability to develop risk and control charts, dashboards, and reports
  • Experience with leading the implementation/adoption of industry security, audit, and privacy standards, frameworks, and regulations (e.g., NIST RMF, ISO27001, PCI DSS, GDPR, COBIT, AICPA Trust Principles (SOC 2/3), NIST CSF, CCPA, SCF)
  • Relevant Industry certifications (e.g., MoR, CISSP, CRISC, CISA, CISM)

What the Team is Saying

Scott Maher
David Grodsky
Victoria Fan Azalde
Ahmed Ali Bob
Lynette Johnson McGee
Cesar Alaniz
Khiry Shank
The Company
HQ: Oakland, CA
12,000 Employees
Hybrid Workplace
Year Founded: 2009

What We Do

Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy.

Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.

Why Work With Us

Across our ecosystem, we’re working to help our diverse audiences — sellers, individuals, artists, fans, developers, and all the people in between — overcome barriers to access the economy.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Block Teams

Team
Our Ecosystem
About our Teams

Block Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Most employees can join Block in an office location, from home, or with a mix of both. We create work spaces and experiences that help individuals and teams to be their most creative and collaborative.

Typical time on-site: Flexible
Company Office Image
HQOakland, CA
Company Office Image
Tech Central Sydney
Company Office Image
Atlanta, GA
Company Office Image
Auckland, NZ
Chisinau, MD
Dublin, IE
Kitchener, Ontario
London, GB
Company Office Image
Melbourne, Victoria
Company Office Image
New York, NY
Oslo, NO
Portland, OR
Salt Lake City, UT
San Francisco, CA
Scottsdale, AZ
Seattle, WA
St Louis, MO
Tokyo, JP
Toronto, Ontario
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account