Jobs · Engineering

Security Risk Lead

Fastly · Denver, CO · 2 mo ago
RemoteRemoteEngineering$132k–$186k/yrFull-time

Job Summary

The Security Risk Lead at Fastly will lead targeted security risk assessments, analyze risk data, and design metrics and reporting to give Senior Leadership a pulse check on our security posture. They will also own and evolve systems that track risk decisions and mitigations, and maintain Fastly's core security policies and standards.

What You'll Do

  • Lead targeted security risk assessments across the organization, proactively identifying gaps and risks which pose a threat to the safety and security
  • Analyze risk data to identify patterns of deficiencies and collaborate with Security Architects, Product Owners, Engineering, and Senior Leaders to propose new, or challenge existing, mitigation plans
  • Own and evolve the systems that track our risk decisions and mitigations; ensuring we have visibility into the greatest areas of concern, where we need to buy down more risk, and to keep our mitigation plans on track with the committed timelines
  • Oversee relevant Risk Committees to identify and discuss systemic and cross-functional security risks, influencing Senior Leaders across Fastly to commit to mitigation plans
  • Design metrics and reporting to give Senior Leadership a pulse check on our security posture, highlighting exactly where we need to invest
  • Maintain Fastly’s core security policies and standards, balancing industry best practices with our risk appetite
  • Support the assessment and maintenance of our third party risk within Fastly’s vendor landscape

Qualifications

  • 6+ years of relevant experience and a Bachelor’s degree in Management Information Systems, Computer Science, or a related field
  • Proven leadership in security strategy, including influencing organizational direction, and embedding a security-first mindset across teams
  • Extensive experience dissecting complex environments to find risks that actually matter; ability to communicate technical vulnerabilities in a manner that adequately portrays the magnitude of the risk to technical and non-technical stakeholders
  • Working knowledge (either as a control owner or assessor) of various frameworks and industry standards, such as: NIST CSF, ISO 27001, PCI DSS, and OWASP Top 10
  • Ability to craft security policies and standards that take into account a company’s unique operating environment while still meeting security best practices
  • Ability to interpret internal security controls and requirements to assess and manage risk associated with third party vendors
  • Excellent communication and collaboration skills, capable of engaging with both technical teams and non-technical stakeholders at all levels to articulate risks, trade-offs, and security recommendations
  • Experience using governance, risk management, and compliance (GRC) tools preferred

What We're Looking For

  • Interest in learning more about the following:
  • Security risk assessments
  • Risk data analysis
  • System tracking and evolution
  • Risk committee oversight
  • Metrics and reporting design
  • Policy and standard creation
  • Third party risk assessment and management
  • Communication and collaboration with technical and non-technical stakeholders
  • Use of GRC tools

Work Hours & Location

  • This position will require you to be available during core business hours.
  • This position is open to Hybrid and Remote Work Locations. The preferred locations for this position are: San Francisco, CANew York, NYDenver, CORemote United States or Canada (Eastern Standard Time preferred)

Salary Range

The estimated salary range for this position is $132,060 to $186,444. Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.

Benefits

  • Comprehensive benefits package including medical, dental, and vision insurance
  • Family planning, mental health support along with Employee Assistance Program
  • Insurance (Life, Disability, and Accident)
  • A Flexible Vacation policy and up to 18 days of accrued paid sick leave
  • 401(k) (including company match)
  • Employee Stock Purchase Program
  • 12 paid local holidays, 12 paid company wellness days

Similar jobs

Security Lead

DOMA TechnologiesAnnapolis Junction, MD· 1 mo ago
Information Technologyapply on recruiting.paylocity.com

Security Lead

CommenceBaltimore, MD· 3 wk ago
Managementapply on recruiting.paylocity.com

Security Lead

Virgin GalacticGreater Phoenix Area· 4 days ago
Information Technology$82k–$125k/yrapply on vgcareers.virgingalactic.com

Security Lead

Six Flags Entertainment CorporationArlington, TX· 2 wk ago
Managementapply on jobs.sixflags.com

Security Lead

The h.wood GroupDallas, TX· 6 days ago
Information Technology$25–$28/hrapply on recruitingbypaycor.com

Security Lead

Milken Community SchoolLos Angeles, CA· 2 mo ago
Information Technology$26.44–$28.45/hrapply on paycomonline.net