Senior Information Security Risk Specialist
SentinelOne
This job is no longer accepting applications
About Us:
SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle.
We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people that will drive team success and collaboration across SentinelOne. If you’re enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!
What are we looking for?
We are looking for a highly motivated, collaborative and experienced Sr. InfoSec Risk Specialist with a security-focused mindset who can balance risk, business drivers and timelines. This position will be responsible for understanding and supporting the design of SentinelOne's organizational, procedural and technological security controls within the context of the security frameworks applicable to SentinelOne. In addition, you will be responsible for identifying and testing appropriate controls to ensure they are designed, implemented, and operating effectively to mitigate risk. The selected employee will help implement, automate, document and maintain controls while supporting and responding to inquiries from internal and external stakeholders. This individual must be self-directed and able to work both independently and collaboratively.
What will you do?
- Support the planning and performance of IT risk-based security audits and projects, risk assessments, execution of fieldwork and communication to stakeholders.
- Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth.
- Collaborate with process and control owners through the audit lifecycle for process documentation updates, testing coordination, remediation of identified deficiencies and advising on internal control enhancements or process changes, as appropriate.
- Proactively manage audit findings, tracking and documentation of status updates obtained via action owners, and timely execution of remediation activities.
- Participate in the internal security and compliance program and track recurring controls, such as ISO 27001/27002, 27701, 27018, SSAE 18 SOC 2.
- Provide control consultative support to the business to assist in redesign efforts to improve the control environment and identify opportunities for control improvements with the objective of mitigating risk and improving compliance and operational performance.
- Help support internal/external audits and evidence collection via a GRC tool.
- Document new and update existing policies, procedures, standards and resources
- Help support customer security reviews, RFPs and external security and privacy inquiries.
- Participate in defining, collecting and tracking various Security Metrics.
What skills and knowledge are required?
- 5+ years of experience working in information security, risk or compliance
- Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness & training, BC/DRP, etc.
- Ability to perform internal audits with minimal direct supervision, exhibit professional audit judgment and have experience in a broad range of audit projects such as ISO 27001/27002, 27701, 27018, SSAE 16/18 SOC 2, ISO 27001/2, NIST
- Strong risk management experience, performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk.
- Strong project management skills and ability to manage a variety of projects simultaneously to completion within the agreed timelines.
- Excellent collaboration and interpersonal skills. Must be able to communicate with all levels in the organization.
- Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers
- Experience working with both technical and non-technical teams
- Ability and desire to understand the intent of requirements and provide effective recommendations
- Ability to prioritize in a highly dynamic work environment
Preferred Qualifications:
- Advanced degree in Computer Science, Information Technology, Information Security or related field
- Experience with, and strong understanding of, common Security Compliance frameworks, controls, and best practices such as ISO 27001/27002, 27701, 27018, COSO, SOC 2, SOX ITGC, GDPR, PCI, NIST and other applicable regulatory compliance frameworks
- Relevant certifications (ISO 27001 LA/LI, CISA, CISM, CISSP, CRISC, etc.)
- Ability to assess and pragmatically define scope and relevant controls
- Strong desire to learn and continuously develop and deepen technical skills
Why us?
Salary from 3000 EUR/month.
Yearly variable target bonus depending on the performance of the company, paid out in 2 installments.
*The final base salary component can be increased according to the individual skills and experience of the selected candidate.
On top of that you may look forward to:
- Flexible working hours & Full remote within Slovakia; optional membership in Regus co-working spaces; in Czechia we also have offices in Prague or Brno
- Generous employee stock plan in the form of RSUs (restricted stock units) not options; 4 years vesting with 1 year cliff and then quarterly
- Meal Allowance (maximum value of the employer’s contribution per day: €4.29)
- Wellbeing Allowance (€120/month)
- Flexible Time Off (on top of the standard 5 weeks of vacation)
- Flexible Paid Sick Days
- Fully Paid Short Term Sick/Short Term Nursing Leave
- Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) & Grandparent Leave
- Volunteering paid day off & Additional paid Company holidays off (e.g. 4 days in 2022)
- Pension insurance contribution
- Premium Life Insurance covered by S1
- High-end MacBook or Windows laptop, Home-office-setup gear & on top of that additional WFH Allowance
- Udemy Business platform for Hard/Soft skills Training, internal mentoring 'MentorOne' & Support for your further educational activities/trainings
- Above-standard referral bonus
- Yearly bonus depending on the performance of the company
- Optional company events for those who like to meet outside of work too - mostly in Czechia expensed as business trip (sport, BBQ, charity etc.)
- DEI&B programs that promote employee resource groups like SentinelWIN (Women Inclusion Network), Blk@S1, Latinos@S1, Pan-Asian@S1, Out@S1 (LGBTQIA+) and Sentinels Who Served
SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
SentinelOne participates in the E-Verify Program for all U.S. based roles.