We are looking for a technical Risk Manager to enhance Seismic’s overall security program. This position will partner with other teams including, IT, Operations, Engineering, and others to identify, mitigate, and manage risk in the organization.

In this role, you will be communicating to senior management on relative risk exposure and presenting strategic alternatives to steer around risk while achieving business outcomes.

You will be reporting the Director of Information Security, with the expectation of building out the risk team as the company rapidly grows.

What you’ll be doing:

Assist the Director of Information Security on managing risk by developing mitigations and contingencies plans for the organization including:

• Risk assessments in a multi-cloud environment
• Supporting internal audit capabilities
• Defining risk posture
• Develop Objectives and Key Results around risk management
• Identify risk and develop risk control programs
• Support compliance efforts around security standards such as ISO 27001, AICPA SOC 2 controls, and other relevant frameworks.
  • Staying current on the latest updates to those standards
  • Brief senior management on the impact of changes and their effect on risk posture
• Support the Information Security team on dynamic security projects when required
• Research and make recommendations on Global risks that may affect the company mission

What you’ll bring to the team:

• Bachelor’s Degree in a related field or commensurate work experience
• 8+ years in Information Security
• Experience in audit, enterprise risk management, or compliance with knowledge of the following regulatory and industry requirements and standards
  • SOC 2 Type 2
  • ISO 27001, 27002
  • NIST Cybersecurity Framework
  • OWASP Top Twenty
  • CIS Controls
• Excellent written and verbal communication skills. You will prepare reports and make presentations to senior level management.
• You must also be able to coordinate with multiple levels of the organization to collaborate, identify risk, and represent in a manner that is understandable and promotes positive change.
• Experience in quantitative risk analysis methodologies such as FAIR (preferred) 
• Professional certifications in risk management or risk control
• Experience with cloud platforms (Azure, AWS, GCP) (Required)
• Experience with multi-cloud (preferred)
• Experience with Risk Management and Vendor Risk Management Systems.
• CISSP, SANS, security certifications
• CISA, CISM, ISACA or related security assessment certifications

Nice-to-have's:

• Strategic Planning
• Data Analysis
• Business Analysis
• OKR Process

What we have for you:

• Generous PTO, paid holidays, and paid parental leave
• Competitive Medical, Dental and Vision Plans
• Robust 401(k) fund options with company matching
• Flexible work schedule
• Seismic Cares volunteer program
• #OneSeismic culture that celebrates wins, encourages autonomy, ownership, and transparency

#LI-MB

#LI-Remote