Lead Security Governance Analyst
At Rapid7, we’re on a mission to close the security achievement gap for our customers by simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations.
Our internal Trust & Security Governance team within our Information Security department plays a crucial role in supporting our mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, the Request, for Proposal (RFP) team, People Development, and many other teams at Rapid7
We’re looking for a Lead Security Analyst to help advance our Trust & Security Governance programs, helping us evolve security policies, streamlining our customer security inquiry response program, and scaling our security training across the company.
Your profile
Are you looking for a new opportunity to apply your security expertise to rapidly mature company-wide security governance programs? Do you want to have a direct impact on customers’ understanding of your organization’s security program? Are you excited about the opportunity to create a company-wide security culture that sticks? Do you eagerly seek out and embrace feedback from perspectives different from your own?
If you’ve been answering “yes” to these questions, then you might be the person we’re looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company.
What you’ll do
Create and maintain Rapid7’s security policy framework, including roles and responsibilities, self-service templates, and policy lifecycle processes
Partner with Legal and RFP teams to curate FAQ content in our customer security inquiry knowledge base, keeping it accurate and up-to-date by working with subject matter expert teams across InfoSec, Engineering, IT, etc.
Provide security expertise to Legal teams in the contract-negotiation process to ensure that contract terms accurately reflect Rapid7's cyber security capabilities.
Coordinate and respond to customer security inquiries, due diligence questionnaires, and security-related contract modifications
Continuously mature Trust processes through automation, self-service functionality, and process streamlining to shorten our Sales cycle and our customers’ due diligence cycle
Maintain and evolve security whitepapers, security content in product help docs, and Rapid7’s Trust site to create an excellent experience for customers and the community when trying to gauge our security capabilities
Partner with other InfoSec teams and People Development to create quality security training content/experiences for employees so they know how to uphold their security responsibilities
Develop broad knowledge of the implementation of Rapid7’s security controls, policies, and processes across our products and corporate environments
Build positive relationships with partner teams in Marketing, Legal, Sales, Business Operations, People Development, and other teams to continuously improve our internal security culture and external awareness of Rapid7’s security program
Help create metrics to demonstrate the efficiency and effectiveness of our Trust program and to inform continuous program improvements
Systematically track and report on customer feedback about our security program to inform the business about where we need to improve security to satisfy customers’ needs
Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives
What you’ll bring
Experience working in information security, including but not limited to Governance, Risk, and Compliance (GRC); security trust operations; and/or security audit
Experience creating effective security awareness training experiences for topics such as (but not limited to) phishing/social engineering, safe data handling, secure software development, etc.
Experience supporting security compliance programs or operations involving frameworks such as ISO 27001, NIST CSF, PCI DSS, FedRAMP, CSA STAR, SIG/SCA, SOC 2 Type II, etc.
Knowledge of modern security problems and solutions for endpoint security, network security, cloud security, application security, identity & access management, vulnerability management, threat detection, and/or incident response
Strong focus and desire to impact together with your direct and cross-functional teammates at Rapid7
Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams
Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
Insatiable curiosity and desire to challenge conventional approaches to solving problems
Pluses
Experience implementing and operating technical security controls/tools in the context of vulnerability management, incident response, cloud security, application security, etc.
Equal Opportunity Employer
Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and strongly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it’s the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!