At Rapid7, we're on a mission to close the security achievement gap for our customers by simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations.
Rapid7's Trust & Security Governance team functions within the Information Security department and plays a crucial role in supporting the organization's mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, identifying and managing security risk, distributing foundational security expertise across every department to create an exceptional security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, Procurement, and many other teams at Rapid7.
We're looking for an Information Security Risk Manager to provide leadership in developing and implementing consistent information security risk management practices, and to partner closely with stakeholders throughout the organization to drive continued awareness and improvement.
Manage and enhance the information security risk management program, including participation in broader enterprise risk management, vulnerability management, and third-party risk management activities
Manage and maintain the Trust and Security Governance Integrated Risk Management framework that guides and informs risk-based decisions, including how risk is defined, assessed, responded to, and monitored over time
Partner closely with the Information Security Governance Manager to ensure that the information security risk management strategy keeps pace with evolving global standards, guidelines, regulations, and customer expectations
Establish security risk management procedures that enable the Trust and Security Governance Integrated Risk Management framework, including third-party risk and vulnerability management activities
Enhance and manage the information security risk assessment process against our infrastructure, products, and suppliers
Partner with appropriate teams to craft and report the annual security risk assessment
Establish key metrics and partner with various stakeholders to ensure appropriate plans are in place to mitigate identified risks and vulnerabilities
Provide oversight to ensure information security risk management activities are documented and consistently performed
Work with the Security PMO to ensure projects are properly scoped, tracked, communicated, and completed in an effective and efficient manner
Manage and develop a team of individual direct reports
Demonstrated experience with security audits, security control assessments, risk assessments, and/or compliance program management
Demonstrated experience creating and documenting risk methodologies, maintaining risk registers, performing risk assessments, and driving risk mitigation projects
Experience leading or partnering with third-party risk and vulnerability management programs
Demonstrated experience with security standards/frameworks such as ISO 27001, SOC 2, PCI, FedRAMP, NIST CSF, etc.
Experience managing, developing, and growing diverse teams
Demonstrated experience with executing program initiatives through a distributed team of analysts
Experience developing and driving continuous program improvement
Excellent communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences
Excellent time management and prioritization skills with a proven ability to plan, prioritize, and execute projects independently or in coordination with other teams
Effective negotiating, critical thinking, and problem-solving skills, including the ability to optimize risk mitigation approaches across diverse business units
Knowledge of applicable regulations such as SOX, GDPR
Experience working with cyber risk quantification and evaluating emerging cybersecurity threats
Experience leading program initiatives in accordance with agile methodologies
Experience working with an enterprise GRC solution
Experience evaluating and triaging penetration test and vulnerability disclosure reports
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.