About The Role
We are looking to hire an experienced Security Risk Management Specialist on our Governance, Risk, and Compliance team. This role will be responsible for identifying and managing security risk across Cloudflare's production environment and critical business functions.
At Cloudflare, risk management lays the foundation for protecting Cloudflare and our customers. The Risk team identifies risk throughout the company and prioritizes mitigation efforts to drive Security team roadmaps. We do not believe in tick-box security, so for us risk management is a pathway to doing things right.
This is an opportunity to join a rapidly scaling and world class security organization within a billion dollar business. We guarantee that you won't get bored.
What you'll do
- Support the governance process for the security risk register. This includes:
- Reviewing and advising on new risks and policy exceptions
- Ensuring the risk register and dependencies are up to date (e.g. Control Framework)
- Partnering with risk owners to align on risk remediation plans and timelines
- Driving discussions around risk remediation that involve significant effort or cross-functional collaboration
- Reviewing evidence submitted by the business to mitigate or close risks
- Re-reviewing accepted risks and exceptions periodically
- Supporting risk reviews with business and security leadership
- Driving program maturity through process improvements and tooling & automation
- Mentoring fellow team members on risk program initiatives
- Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, London, Lisbon, or other global Cloudflare locations.
Desirable skills, knowledge and experience.
- Total work experience of 10+yrs
- Senior level experience typically gained in 4-8 years working in Security Governance, Risk, and Compliance
- Experience conducting risk & controls assessments and risk advisory
- Experience with risk rating methodologies
- Experience recommending mitigating controls and driving risk remediation
- Experience reporting on risks and program metrics to leadership
- Experience maturing or scaling risk program
- Strong understanding of security control frameworks such as SOC 2, ISO 27001, PCI DSS, and NIST SP 800-53
- Strong understanding of risk rating methodologies such as NIST SP 800-30 and ISO 31000
- Solid understanding of on-prem & cloud architectures and security controls
- Experience with data analytics and dashboarding tools such as Tableau, Looker Studio or Power BI is a plus
- Strong analytical and interpersonal skills
- Self-starter with the ability to work independently with a sense of curiosity
Top Skills
What We Do
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Why Work With Us
Cloudflare employees come from all walks of life. We are mission-driven, and our team is energized by a collaborative, creative environment that celebrates our differences and fosters new ways to grow together.
Gallery
Cloudflare Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
We are committed to developing a global team that is distributed with a flexible working approach. Doing this equitably and inclusively is essential to our success. Visit our careers site for more on 'How & Where We Work.'
