At SAFE Security, our vision is to be the Champions of a Safer Digital Future and the Catalysts of Change. We believe in empowering individuals and teams with the freedom and responsibility to align their goals, ensuring we all move forward together.
We operate with radical transparency, autonomy, and accountability—there’s no room for brilliant jerks. We embrace a culture-first approach, offering an unlimited vacation policy, a high-trust work environment, and a commitment to continuous learning. For us, Culture is Our Strategy—check out our Culture Memo to dive deeper into what makes SAFE unique.
We’re seeking a Cyber Risk Management Specialist to join our high-impact Risk Management team. In this role, you’ll drive risk assessments, support audits, manage third-party risk assessments, and ensure compliance with frameworks like ISO 27001, SOC 2, and data privacy regulations. You’ll also collaborate closely with our Threat Research team, contributing to continuous controls monitoring, risk strategy, and product innovation.
Core Responsibilities:
- To conduct enterprise-level risk assessments, identify control gaps, and track mitigation plans.
- To lead and support internal and external audits, including ISO 27001, SOC 2, and others.
- Maintain and improve the Information Security Management System (ISMS) based on ISO 27001 requirements.
- Ensure compliance with applicable regulatory requirements (e.g., GDPR, DPDP, CCPA, etc)
- Monitor and support the implementation of SOC 2 Type I/II controls and readiness programs.
- Drive the implementation and improvement of data privacy practices and controls across the organization.
- Perform third-party risk assessment.
- Develop, implement, and maintain risk registers, audit dashboards, and compliance trackers.
- Work on compliance crosswalks to map controls across various regulatory and industry standards.
- Collaborate with cross-functional teams to embed a risk-aware and privacy-by-design culture across the organization.
- Work closely with the product teams to contribute to the GRC-related features
Essential Skills/ Experience/ Qualifications:
- 3-5 years of experience in risk management, information security audit, SOC 2, or GRC roles.
- Strong working knowledge of ISO 27001, SOC 2, NIST, and data privacy frameworks.
- Familiarity with regulatory compliance requirements (GDPR, DPDP, CCPA)
- Experience in third-party/vendor risk assessments.
- Good understanding of privacy impact assessments (PIAs) and data processing workflows.
- Excellent documentation, reporting, and presentation skills.
- Strong interpersonal skills to work effectively across business and tech teams.
Certifications:
- ISO 27001 Lead Auditor or Lead Implementer certification is a must.
- Additional certifications like CISA, CISM, or CISSP are a plus.
If you’re passionate about cyber risk, thrive in a fast-paced environment, and want to be part of a team that’s redefining security—we want to hear from you! 🚀
Similar Jobs
What We Do
Safe Security is a pioneer in the “Cybersecurity and Digital Business Risk Quantification” (CRQ) space. It helps organizations measure and mitigate enterprise-wide cyber risk in real-time using it’s ML Enabled API-First SAFE Platform by aggregating automated signals across people, process and technology, both for 1st & 3rd Party to dynamically predict the breach likelihood (SAFE Score) & $$ Value at Risk of an organization Headquartered in Palo Alto, Safe Security has over 200 customers worldwide including multiple Fortune 500 companies averaging an NPS of 73 in 2020. Backed by John Chambers and senior executives from Softbank, Sequoia, PayPal, SAP, and McKinsey & Co., it was also one of the Top Contributors to the National Vulnerability Database(NVD) of the U.S. Government in 2019 and the ATT&CK MITRE Contributor in 2020. The company, since 2018, has also been working with MIT in joint research for the development of their SAFE Scoring Algorithm. Safe Security has received several awards including the Morgan Stanley CTO Innovation Award.
