Cyber Risk Quantification Manager
Role Description
As a trusted member of the Security Organization, the Cyber Risk Quantification Manager will be instrumental in the design, implementation, and management of Dropbox’s Factor Analysis of Information Risk (FAIR) security program. Specifically, your role will be to build relationships and to understand the risk profiles, technology stacks, and dependencies of the business partners supported by the security organization. Additionally, the Cyber Risk Manager will review and optimize detailed and rapid risk assessments, support executive reporting, and provide governance and continuous optimization of the processes that support the RiskLens & GRC platforms.
If you thrive on being a radical change agent, have an analytical mindset, and are excited about changing the paradigm of communicating security risk, we want you on our team!
NOTE: While FAIR & RiskLens experience is desired, its absence is not a deal breaker.
Responsibilities
- Develop security-specific loss event scenarios across business domains
- Create a continuous improvement program to facilitate security teams' ability to independently create & present Rapid Risk Assessments
- Develop FAIR-based cost-benefit analysis to help security teams communicate and compare risk mitigation options and prioritize initiatives
- Partner with stakeholders and leadership to achieve successful risk reduction
- Monitor risk mitigation strategy plans to help bring open security risks to closure
- Internal socialization of Dropbox’s quantitative/FAIR-based program
- Facilitate risk quantification meetings and working group sessions
- Partner with teammates and subject matter experts to present risk quantification results, cost justification and reduction proposals to senior leadership
- Facilitate formal and informal risk quantification/FAIR training and socialization efforts
Requirements
- 8+ years of risk management experience
- Strong critical thinking and analytical skills
- Intermediate to advanced knowledge of core cybersecurity fundamentals
- Experience with cyber risk quantification models. Factor Analysis of Information Risk (FAIR) and RiskLens a plus.
- Ability to decompose complex systems and problems
- Excellent ability to communicate complex subjects effectively, especially at the executive level
- Experience designing, implementing and managing security controls and processes
Desired Skills
- Bachelor's degree or equivalent IT work experience
- Experience in one or more areas: Security Assurance, Security Operations, Threat Modeling
- One or more certifications: OpenFAIR, CISSP, CRISC, CISA
- People management experience