Manager, Security Governance
As Rapid7 continues to grow and scale our products and customer base, the Trust and Security Governance team leads the efforts to continue to evolve and mature our internal security program, establish and maintain trust with our customers and the community, and collaborate across all of the relevant teams inside the company to build and nurture awareness of our security program, company policies and security risks.
The Manager, Information Security Risk Management is an integral part of our Enterprise Risk Management and Third Party Risk Management programs, leading Information Security Risk Management activities in support of these functions. The Manager, Information Security Risk Management provides leadership to develop and implement consistent information security risk management practices and works closely with stakeholders throughout the organization to drive continued awareness and improvement.
Responsibilities
Manage and enhance the information security risk management program, including participation in broader enterprise risk management and third party risk management activities
Manage and maintain the information security risk management strategy that guides and informs risk-based decisions, including how risk is defined, assessed, responded to, and monitored over time
Ensure information security risk management program and strategy keep pace with evolving global standards, guidelines and regulations
Build strong and contextual security governance procedures (charters, steering committees, and approval flows) in relation to the information security risk management and third party risk management functions
Enhance and manage the information security risk assessment process against our infrastructure, products and suppliers; establishing key metrics and partnering with stakeholders including IT and engineering teams to ensure appropriate plans are in place to mitigate identified risks and continuously improve the program
Identify opportunities for automation within the information security risk management and third party risk management functions and build/implement solutions
Provide oversight to ensure information security risk management activities are documented and consistently performed
Lead the implementation and ongoing improvement of security training and awareness initiatives that educate stakeholders throughout the company on their role in managing risk and partnering to improve the organizational risk posture
Work with PMO to ensure projects are properly scoped, tracked, communicated, and completed in an effective and efficient manner
Manage and develop a team of individual direct reports
Qualifications
Demonstrated experience with security audits, security control assessments, risk assessments, and/or compliance program management
Demonstrated experience creating and documenting risk methodologies, maintaining risk registers, performing risk assessments and driving risk mitigation projects
Demonstrated experience with third party risk assessment and management
Demonstrated experience with security standards/frameworks such as ISO 27001, SOC 2, PCI, FedRAMP, NIST CSF, etc.
Knowledge of applicable regulations such as SOX, GDPR, etc. to manage risk and ensure compliance
Experience managing, developing and growing security teams
Excellent communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences
Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams
Effective negotiating, critical thinking and problem-solving skills, including the ability to optimize risk mitigation approaches across diverse business units
Rapid7 (Nasdaq: RPD) is advancing security with visibility, analytics, and automation delivered through our Insight cloud. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organization. For more information, visit our website, check out our blog, or follow us on LinkedIn.