Senior Information Security Risk Specialist – GRC
SentinelOne
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇺🇸 United States
Visit company websiteSalary
💰 $104,000 - $138,000 per year
Job Level
Senior
About the role
- Support the planning and performance of IT risk-based security audits and projects, risk assessments, execution of fieldwork and communication to stakeholders.
- Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth.
- Collaborate with process and control owners through the audit lifecycle for process documentation updates, testing coordination, remediation of identified deficiencies and advising on internal control enhancements or process changes, as appropriate.
- Proactively manage audit findings, tracking and documentation of status updates obtained via action owners, and timely execution of remediation activities.
- Participate in internal security and compliance programs and track recurring controls, such as SSAE 18 SOC 2, ISO 27001/27002.
- Provide control consultative support to the business to assist in redesign efforts to improve the control environment and identify opportunities for control improvements with the objective of mitigating risk and improving compliance and operational performance.
- Help support internal/external audits and evidence collection via a GRC tool.
- Document new and update existing policies, procedures, standards and resources.
- Participate in Security awareness program, train personnel on data security and privacy-related processes and responsibilities.
- Help support customer security reviews, RFPs and external security and privacy inquiries.
- Participate in defining, collecting and tracking various Security Metrics.
Requirements
- 5+ years of experience working in information security, risk or compliance.
- Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness and Training, BC/DRP, etc.
- Ability to perform internal audits with minimal direct supervision, exhibit professional audit judgment and have experience in a broad range of audit projects such as SSAE 16/18 SOC 2, ISO 27001/2, NIST.
- Strong risk management experience, performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk.
- Strong project management skills and ability to manage a variety of projects simultaneously to completion within the agreed timelines.
- Excellent collaboration and interpersonal skills. Must be able to communicate with all levels in the organization.
- Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers.
- Experience working with both technical and non-technical teams.
- Ability and desire to understand the intent of requirements and provide effective recommendations.
- Ability to prioritize in a highly dynamic work environment.
Benefits
- Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
- Unlimited PTO
- Industry-leading gender-neutral parental leave
- Paid Company Holidays
- Paid Sick Time
- Employee stock purchase program
- Disability and life insurance
- Employee assistance program
- Gym membership reimbursement
- Cell phone reimbursement
- Numerous company-sponsored events, including regular happy hours and team-building events
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
information securityrisk managementcomplianceinternal auditssecurity controlsproject managementSSAE 16/18 SOC 2ISO 27001/27002NISTcontrol design
Soft skills
collaborationinterpersonal skillscommunicationprofessional judgmentprioritizationadaptabilityrecommendation skillsteamworkproblem-solvingtime management