Security Risk Lead
Fastly · Denver, CO · 2 mo ago
RemoteRemoteEngineering$132k–$186k/yrFull-time
Job Summary
The Security Risk Lead at Fastly will lead targeted security risk assessments, analyze risk data, and design metrics and reporting to give Senior Leadership a pulse check on our security posture. They will also own and evolve systems that track risk decisions and mitigations, and maintain Fastly's core security policies and standards.
What You'll Do
- Lead targeted security risk assessments across the organization, proactively identifying gaps and risks which pose a threat to the safety and security
- Analyze risk data to identify patterns of deficiencies and collaborate with Security Architects, Product Owners, Engineering, and Senior Leaders to propose new, or challenge existing, mitigation plans
- Own and evolve the systems that track our risk decisions and mitigations; ensuring we have visibility into the greatest areas of concern, where we need to buy down more risk, and to keep our mitigation plans on track with the committed timelines
- Oversee relevant Risk Committees to identify and discuss systemic and cross-functional security risks, influencing Senior Leaders across Fastly to commit to mitigation plans
- Design metrics and reporting to give Senior Leadership a pulse check on our security posture, highlighting exactly where we need to invest
- Maintain Fastly’s core security policies and standards, balancing industry best practices with our risk appetite
- Support the assessment and maintenance of our third party risk within Fastly’s vendor landscape
Qualifications
- 6+ years of relevant experience and a Bachelor’s degree in Management Information Systems, Computer Science, or a related field
- Proven leadership in security strategy, including influencing organizational direction, and embedding a security-first mindset across teams
- Extensive experience dissecting complex environments to find risks that actually matter; ability to communicate technical vulnerabilities in a manner that adequately portrays the magnitude of the risk to technical and non-technical stakeholders
- Working knowledge (either as a control owner or assessor) of various frameworks and industry standards, such as: NIST CSF, ISO 27001, PCI DSS, and OWASP Top 10
- Ability to craft security policies and standards that take into account a company’s unique operating environment while still meeting security best practices
- Ability to interpret internal security controls and requirements to assess and manage risk associated with third party vendors
- Excellent communication and collaboration skills, capable of engaging with both technical teams and non-technical stakeholders at all levels to articulate risks, trade-offs, and security recommendations
- Experience using governance, risk management, and compliance (GRC) tools preferred
What We're Looking For
- Interest in learning more about the following:
- Security risk assessments
- Risk data analysis
- System tracking and evolution
- Risk committee oversight
- Metrics and reporting design
- Policy and standard creation
- Third party risk assessment and management
- Communication and collaboration with technical and non-technical stakeholders
- Use of GRC tools
Work Hours & Location
- This position will require you to be available during core business hours.
- This position is open to Hybrid and Remote Work Locations. The preferred locations for this position are: San Francisco, CANew York, NYDenver, CORemote United States or Canada (Eastern Standard Time preferred)
Salary Range
The estimated salary range for this position is $132,060 to $186,444. Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.
Benefits
- Comprehensive benefits package including medical, dental, and vision insurance
- Family planning, mental health support along with Employee Assistance Program
- Insurance (Life, Disability, and Accident)
- A Flexible Vacation policy and up to 18 days of accrued paid sick leave
- 401(k) (including company match)
- Employee Stock Purchase Program
- 12 paid local holidays, 12 paid company wellness days