Manager, Information Security - GRC

Posted 8 Days Ago
St Louis, MO
7+ Years Experience
Cloud • Security • Software • Cybersecurity
The Role
The Information Security Manager, Governance Risk and Compliance (GRC) at Netskope is responsible for collaborating with the business on GRC activities, managing external and internal auditing activities, and ensuring compliance objectives are achieved. This role involves managerial responsibilities, cybersecurity expertise, control testing, and monitoring, as well as communication and reporting to stakeholders.
Summary Generated by Built In
About Netskope

Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security. 

Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, St. Louis, Bangalore, London, Melbourne, Taipei, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events (pre and hopefully post-Covid) and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers. Please follow us on LinkedIn and Twitter @Netskope.

About the position: 

Based in St. Louis, this role is a member of the Global Information Security (GIS) team, which has oversight and operational responsibilities for the information security of Netskope. The Information Security Manager, Governance Risk and Compliance (GRC) will be a key member and manager of the GRC team, responsible for collaborating with the business on GRC activities, administering GRC solutions, managing external and internal auditing activities, managing the Cyber Risk Management Program (including third-party vendor risk management), and ensuring compliance objectives are being achieved across the organization.

Job Requirements:

  • Minimum of 7 years in an information security GRC role (testing, monitoring, and assurance within compliance, audit and operations), with at least 3 years in a management or team lead role
  • Responsible for managerial responsibilities such as staffing, performance assessment, career path planning, training, and coaching/mentoring for all GRC team members
  • Strong understanding of cybersecurity, networking, system and cloud technologies
  • Strong experience with testing and monitoring manual and automated controls
  • Evaluating design and operating effectiveness of controls
  • Ability to monitor, measure and test core business processes against internal policies and procedures
  • Validating test procedures against controls, issue identification, root cause analysis and impact assessment
  • Documenting results following the compliance framework to arrive at conclusions
  • Deliver value and insights by providing recommendations/improvements around processes and/or controls to business partners
  • Effectively communicate and report out on plans, status, issues, risks, and requirements to all levels of stakeholders
  • Develop and manage Metrics and Measures Programs
  • Effectively communicates and influences at all levels of the organization
  • Manage workload, prioritizing tasks and documenting time.
  • Provides training, and coaching for Analysts, Engineers, and business partners
  • Drive the value of Compliance as a strategic partner
  • Keep up-to-date on industry and regulatory changes
  • Able to thrive and succeed in a fast paced organization and deliver efficient outcomes
  • Assist in conducting enterprise-wide, ongoing risk analysis in tandem with compliance and internal audit.
  • Assist in the development and management of the Cyber Risk Management Program and performing supporting tasks
  • Support Customer risk assessments, audits, and evidence collection.
  • Contributes to security procedures and requirements documentation 
  • Assists in development and maintenance of Information Security control mappings to defined frameworks
  • Should be able to think "out of the box" and possess the ability to conceive and implement new processes and controls.
  • Excellent written and verbal communication skills.
  • Self-motivated, curious, knowledgeable pertaining to news and current events.

Preferred Qualifications:

  • Strong team leadership skills and proven track record of success
  • Strong written and verbal communication, plus the ability to articulate and decipher complex business and regulatory areas with compliance, legal, business operations, product management, product development, engineers, and security
  • Strong attention to detail, excellent organizational and multitasking skills
  • Strong analytical skills; leverages data to identify issues and data trends for impact and root cause analysis
  • Strong people skills, including the ability to partner effectively and influence change with stakeholders across the organization
  • Strong knowledge of information security governance, risk, and IT controls compliance programs
  • Experience with conducting risk assessments and knowledge of current industry good practice for risk assessment methodologies and tools (e.g., FedRAMP, NIST, ISO)
  • Should possess relevant technical/professional qualifications/certifications such as CISSP, CISM, CISA or ISO 27001 Lead Auditor/Implementer, or equivalent.
  • US Citizen or Permanent Resident

Preferred Skills:

  • General knowledge of security technologies and approaches to secure an organization.
  • General knowledge of risk management and how to use risk management in a security program.
  • Leadership, management, and team building skills

Desired Skills:

  • Experience in performing risk assessments.
  • Experience in third party (vendor) risk management
  • Knowledge and experience in managing GRC tools.
  • Highly analytical with the ability to present your analysis
  • Strong written and verbal communication
  • Experience in maintaining metrics and measures.
  • Experience in supporting customer audits
  • Experience working with software engineering teams in an agile/dynamic environment
  • General understanding of meeting multiple/global compliance frameworks such as ISO 27001, FedRAMP, SSAE-18 SOC2, CSA STAR, Security Control Framework, HIPAA, PCI-DSS, etc. 

Education: 

Bachelor's degree preferred.

Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices based on religion, race, color, sex, marital or veteran status, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate.

Netskope respects your privacy and is committed to protecting the personal information you share with us. Please refer to Netskope's Privacy Policy for more details.

The Company
Bogotá
1,479 Employees
On-site Workplace
Year Founded: 2012

What We Do

Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, the Netskope Security Cloud provides the most granular context, via patented technology, to enable conditional access and user awareness while enforcing zero trust principles across data protection and threat prevention everywhere. Unlike others who force tradeoffs between security and networking, Netskope’s global security private cloud provides full compute capabilities at the edge.
Netskope is fast everywhere, data-centric, and cloud-smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.
