Senior Security Risk Management Specialist - Risk Remediation

Available Locations: Bengaluru
About The Role
We are looking to hire an experienced Security Risk Management Specialist on our Governance, Risk, and Compliance team. This role will be responsible for identifying and managing security risk across Cloudflare's production environment and critical business functions.
At Cloudflare, risk management lays the foundation for protecting Cloudflare and our customers. The Risk team identifies risk throughout the company and prioritizes mitigation efforts to drive Security team roadmaps. We do not believe in tick-box security, so for us risk management is a pathway to doing things right.
This is an opportunity to join a rapidly scaling and world class security organization within a billion dollar business. We guarantee that you won't get bored.
What you'll do

• Support the governance process for the security risk register. This includes:
• Reviewing and advising on new risks and policy exceptions
• Ensuring the risk register and dependencies are up to date (e.g. Control Framework)
• Partnering with risk owners to align on risk remediation plans and timelines
• Driving discussions around risk remediation that involve significant effort or cross-functional collaboration
• Reviewing evidence submitted by the business to mitigate or close risks
• Re-reviewing accepted risks and exceptions periodically
• Supporting risk reviews with business and security leadership
• Driving program maturity through process improvements and tooling & automation
• Mentoring fellow team members on risk program initiatives
• Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, London, Lisbon, or other global Cloudflare locations.

Examples of desirable skills, knowledge and experience.

• Senior level experience typically gained in 4-8 years working in Security Governance, Risk, and Compliance
• Experience conducting risk & controls assessments and risk advisory
• Experience with risk rating methodologies
• Experience recommending mitigating controls and driving risk remediation
• Experience reporting on risks and program metrics to leadership
• Experience maturing or scaling risk program
• Strong understanding of security control frameworks such as SOC 2, ISO 27001, PCI DSS, and NIST SP 800-53
• Strong understanding of risk rating methodologies such as NIST SP 800-30 and ISO 31000
• Solid understanding of on-prem & cloud architectures and security controls
• Experience with data analytics and dashboarding tools such as Tableau, Looker Studio or Power BI is a plus
• Strong analytical and interpersonal skills
• Self-starter with the ability to work independently with a sense of curiosity