Cyber Risk Quantification Manager at Dropbox
If you thrive on being a radical change agent, have an analytical mindset, and are excited about changing the paradigm of communicating security risk, we want you on our team!
NOTE: While FAIR & RiskLens experience is desired, its absence is not a deal breaker.
- Develop security-specific loss event scenarios across business domains
- Create a continuous improvement program to facilitate security teams' ability to independently create & present Rapid Risk Assessments
- Develop FAIR-based cost-benefit analysis to help security teams communicate and compare risk mitigation options and prioritize initiatives
- Partner with stakeholders and leadership to achieve successful risk reduction
- Monitor risk mitigation strategy plans to help bring open security risks to closure
- Internal socialization of Dropbox's quantitative/FAIR-based program
- Facilitate risk quantification meetings and working group sessions
- Partner with teammates and subject matter experts to present risk quantification results, cost justification and reduction proposals to senior leadership
- Facilitate formal and informal risk quantification/FAIR training and socialization efforts
- 8+ years of risk management experience
- Strong critical thinking and analytical skills
- Intermediate to advanced knowledge of core cybersecurity fundamentals
- Experience with cyber risk quantification models. Factor Analysis of Information Risk (FAIR) and RiskLens a plus.
- Ability to decompose complex systems and problems
- Excellent ability to communicate complex subjects effectively, especially at the executive level
- Experience designing, implementing and managing security controls and processes
- Bachelor's degree or equivalent IT work experience
- Experience in one or more areas: Security Assurance, Security Operations, Threat Modeling
- One or more certifications: OpenFAIR, CISSP, CRISC, CISA
- People management experience