Description
With Confluent, organizations can harness the full power of continuously flowing data to innovate and win in the modern digital world. We have a purpose that drives us to do better every day – we're creating an entirely new category within data infrastructure - data streaming. This technology will allow every organization to create experiences and use the power of data in ways that profoundly impact the way we all live. This impact is our purpose and drives us to do better every day.
One Confluent. One team. One Data Streaming Platform.
Data Connects Us.
About the Role:
As the Staff Governance, Risk and Compliance Program Manager in the Trust & Security organization, you will play a critical role in fulfilling the vision to secure Confluent’s platform and cloud offerings through a combination of technical expertise, policy governance, security risk management, third party risk management, certification compliance and excellent program management skills. You should be experienced in creating and maintaining a risk register, facilitating security control discussions with internal and external stakeholders and customers, performing risk assessments, and developing metrics programs as well as senior management and corporate governance reporting, i.e. audit committee and board of directors.
What You Will Do:
- Lead efforts to improve and operate our risk register and issue management programs by managing risk management activities to ensure security risks are centrally and consistently cataloged and monitored
- Lead issue and action management to ensure steady progress is made towards a resolution that addresses the root cause(s) and prevents issue recurrence
- Build and manage risk exception process, and derive risk insights from open exceptions
- Perform third-party risk assessments to maintain oversight of third-party vendors
- Be a risk advisor and collaborate with SMEs to ensure adequate processes and controls are in place to manage risk and are aligned with leading best practices
- Produce insights from our aggregated risks to highlight relevant risk trends or behaviors, and deliver periodic reporting to measure our risk posture and enable escalations where necessary
- Provide timely and accurate reports on credit quality control findings, trends, and recommendations for enhancing processes, control environment, improving consistency of execution, and mitigating risks
- Evaluate the effectiveness of information security controls and performance by developing, analyzing and reporting information security and compliance metrics regularly for leadership, management committees or the Board
- Keep up with relevant regulations, emerging threats, forecasts, policies, and best practices, and maintain a mindset of constant innovation to consider possibilities in advancing our risk management framework
- Lead adoption of a common risk and control framework
- Lead implementation and operation of Governance, Risk and Compliance (GRC) tooling to further improve and automate our GRC processes
- Harness synergies from security-related workflows such as security incident response, vulnerability management, and threat intelligence to build more informed risk intelligence that drives more purposeful action or recommendations
What You Will Bring:
- 8+ years of relevant industry experience
- Strong knowledge of and experience in governance, security risk management and compliance frameworks including related regulatory compliance requirements (e.g., SSAE18 (SOC 1 and 2), HITRUST, FedRAMP, PCI, ISO2700X, GDPR, ISAE 3400 and 3402, ISO 27001, HIPAA, CSA, CIS, NIST, C5, and other regulatory standards)
- Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management
- Experience in running long-term, complex security programs that deliver iterative improvements and risk reduction
- Strong security engineering fundamentals background in infrastructure security controls in GCP, AWS, Azure, and/or web application security
- Strong communication, interpersonal and leadership skills to work with both engineering and other non-technical stakeholders
- Bachelor's degree in Computer Science, a related field, or equivalent practical experience
- Current security certification (CISSP, CRISC, CISM or equivalent), completed or currently in progress, is a plus
Come As You Are
At Confluent, equality is a core tenet of our culture. We are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. The more diverse we are, the richer our community and the broader our impact. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law.
At Confluent, we are committed to providing competitive pay and benefits that are in line with industry standards. We analyze and carefully consider several factors when determining compensation, including work history, education, professional experience, and location. This position has an annual estimated salary of 177,900 - 208,980 USD, an annual bonus, and a competitive equity package. The actual pay may vary depending on your skills, qualifications, experience, and work location. In addition, Confluent offers a wide range of employee benefits.
Click HERE to review our Candidate Privacy Notice, which describes how and when Confluent, Inc., and its group companies collect, use, and share certain personal information of California job applicants and prospective employees.