Manager, Security Governance

US - MA - Boston

Location(s)

US - MA - Boston, US - CA - Los Angeles, US - VA - Arlington, US - TX - Austin

Team(s)

Information Security


As Rapid7 continues to grow and scale our products and customer base, the Trust and Security Governance team leads the efforts to continue to evolve and mature our internal security program, establish and maintain trust with our customers and the community, and collaborate across all of the relevant teams inside the company to build and nurture awareness of our security program, company policies and security risks.

The Manager, Information Security Risk Management is an integral part of our Enterprise Risk Management and Third Party Risk Management programs, leading Information Security Risk Management activities in support of these functions. The Manager, Information Security Risk Management provides leadership to develop and implement consistent information security risk management practices and works closely with stakeholders throughout the organization to drive continued awareness and improvement.

Responsibilities

  • Manage and enhance the information security risk management program, including participation in broader enterprise risk management and third party risk management activities

  • Manage and maintain the information security risk management strategy that guides and informs risk-based decisions, including how risk is defined, assessed, responded to, and monitored over time

  • Ensure information security risk management program and strategy keep pace with evolving global standards, guidelines and regulations

  • Build strong and contextual security governance procedures (charters, steering committees, and approval flows) in relation to the information security risk management and third party risk management functions

  • Enhance and manage the information security risk assessment process against our infrastructure, products and suppliers; establishing key metrics and partnering with stakeholders including IT and engineering teams to ensure appropriate plans are in place to mitigate identified risks and continuously improve the program

  • Identify opportunities for automation within the information security risk management and third party risk management functions and build/implement solutions

  • Provide oversight to ensure information security risk management activities are documented and consistently performed

  • Lead the implementation and ongoing improvement of security training and awareness initiatives that educate stakeholders throughout the company on their role in managing risk and partnering to improve the organizational risk posture

  • Work with PMO to ensure projects are properly scoped, tracked, communicated, and completed in an effective and efficient manner

  • Manage and develop a team of individual direct reports

Qualifications

  • Demonstrated experience with security audits, security control assessments, risk assessments, and/or compliance program management

  • Demonstrated experience creating and documenting risk methodologies, maintaining risk registers, performing risk assessments and driving risk mitigation projects

  • Demonstrated experience with third party risk assessment and management

  • Demonstrated experience with security standards/frameworks such as ISO 27001, SOC 2, PCI, FedRAMP, NIST CSF, etc.

  • Knowledge of applicable regulations such as SOX, GDPR, etc. to manage risk and ensure compliance

  • Experience managing, developing and growing security teams

  • Excellent communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences

  • Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams

  • Effective negotiating, critical thinking and problem-solving skills, including the ability to optimize risk mitigation approaches across diverse business units

Rapid7 (Nasdaq: RPD) is advancing security with visibility, analytics, and automation delivered through our Insight cloud. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organization. For more information, visit our website, check out our blog, or follow us on LinkedIn