Senior Manager, Security Assurance
Santa Clara, CA
Full Time Senior-level / Expert USD 187K - 262K
Druva
Druva's SaaS platform is a fresh take on data security backed by a $10M guarantee. Protect your data wherever it lives with our cloud-based security solution.
Druva is the leading provider of data security solutions, empowering customers to secure and recover their data from all threats. The Druva Data Security Cloud is a fully managed SaaS solution offering air-gapped and immutable data protection across cloud, on-premises, and edge environments. By centralizing data protection, Druva enhances traditional security measures and enables faster incident response, effective cyber remediation, and robust data governance. Trusted by nearly 7,500 customers, including 75 of the Fortune 500, Druva safeguards business data in an increasingly interconnected world. Visit druva.com and follow us on LinkedIn, X and Facebook.
Summary:
The Senior Manager, Security Assurance will be responsible for all initiatives directed at building trust and confidence in Druva’s data security, privacy, and compliance posture. Additionally, they will lead Druva’s Third-Party Risk Management program and drive execution and improvement of our security culture initiatives around phishing and security awareness.
Preferred Qualifications:
- At least 12 years of experience in a technology discipline, preferably 8+ years in the cyber security domain
- Background in or strong understanding of security compliance and privacy frameworks (SOC 2, ISO 27001, HIPAA, CSA STAR, NIST)
- Demonstrable knowledge of OWASP Top-10 Web Application Vulnerabilities and related risks and countermeasures
- Working protocol-level understanding of at-rest and in-motion encryption fundamentals (TLS/SSL, BCrypt, PKI, SHA1, AES, etc.)
- Knowledge of AWS and security controls native to AWS
- Technical understanding of SaaS multi-tenant architectures
- Ability to threat model and assess security risk of interconnected systems and data flows
- Proven experience collaborating with sales and engineering teams
- Demonstrable customer communication experience around security matters
- Experience implementing or using any TPRM tools or platforms (e.g. KY3P, ProcessUnity, ServiceNow, CyberGRX)
- Knowledge of technical domains such as network security, cloud security & application security
- Exceptional communication skills, critical thinking ability and strong bias for ownership & learning
- Experience leading teams, building and monitoring cross-functional scaled-up processes to achieve business objectives
Responsibilities:
- Own and drive the processes to provide expert internal support for security and compliance due diligence requests
- Work and co-ordinate with internal security teams (Cyber Defense, Product Security, Compliance), Engineering functions and customer account teams to provide timely and high-quality responses to security queries from prospects and customers
- Manage incoming security support requests including security focused questionnaires, customer audits, and client-driven penetration tests as needed
- Develop and maintain customer-facing security policies and documentation and manage Druva's online trust portal
- Ensure customer security documentation and external artifacts are up to date and accurate as per current state security policies
- Evaluate and set the strategy for Druva’s third-party risk management program
- Conduct holistic security assessments of Druva’s existing & new vendors to identify and mitigate potential risks
- Stay informed about current security vulnerabilities and incidents, and assess exposure through Druva’s vendor landscape
- Own and drive risk reduction in Druva’s external attack surface
- Develop and execute on an improvement strategy for phishing simulations and security training of our employees
The pay range for this position is expected to be between $187,000 and $262,333/year; however, base pay offered may vary depending on multiple individualized, non-discriminatory factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other incentive compensation opportunities in the form of discretionary annual bonus or commissions, and equity. Additionally, full-time employees are eligible to participate in our comprehensive benefits program, including health and wellness benefits, 401(k) retirement plan, life and disability insurance coverages, and other benefits the Company may offer from time to time.
Tags: AES Application security Audits AWS Cloud Compliance Cyber defense Encryption Governance Incident response ISO 27001 Monitoring Network security NIST OWASP PKI Privacy Product security Risk management SaaS Security assessment SOC SOC 2 Strategy TLS Vulnerabilities
Perks/benefits: Career development Equity / stock options Health care Insurance Salary bonus Wellness