GRC Security Risk Manager (Remote)
USA TX Remote, United States
- Remote-first
- Website
- @CrowdStrike 𝕏
- Search
CrowdStrike
CrowdStrike is a global cybersecurity leader with an advanced cloud-native platform for protecting endpoints, cloud workloads, identities and data.As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate an inclusive culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:
CrowdStrike is seeking a highly experienced GRC Security Risk Manager to oversee and manage our cybersecurity risk management, issues and exceptions management, policy governance, and control framework programs. This critical role will play a key part in ensuring the security and integrity of our organization.
Oversee and manage CrowdStrike's cybersecurity risk management, issues and exceptions management, policy governance, and control framework programs
Identify, assess, measure, monitor, and report on information security risks
Track and remediate security issues and exceptions
Govern security policy, standards, and controls through CrowdStrike's Governance, Risk, and Compliance (GRC) program
Collaborate with Security teams, Engineering, and Internal Audit to ensure alignment and effective risk management
Lead organizational efforts in defining, establishing, managing, and enforcing cybersecurity policies, standards, and procedures
What You'll Do:
Team Leadership:
Lead a team of four people, ensuring their engagement, development, and performance in alignment with expectations.
Program Development and Management:
Develop and implement a comprehensive cybersecurity risk management program to identify, assess, and mitigate risks across the organization.
Build out the issues and exceptions management program to improve efficiency, effectiveness, user experience, and program scope.
Mature the policy governance program through content enhancement, stakeholder engagement, and enterprise awareness.
GRC Strategy and Alignment:
Help create and drive GRC strategy to increase business value and improve overall maturity of the GRC organization.
Align with cross-functional teams, including IT, business units, procurement, Legal, Product Security, and other stakeholders to ensure a comprehensive approach to security and compliance.
Continuous Improvement:
Proactively identify areas of improvement within Cyber GRC and lead efforts to address and remediate.
Perform other duties within the scope of GRC.
What You'll Need:
Education and Experience:
At least 10+ years of job-related experience in a related field, with a preferred BA or BS / MA or MS degree in Computer Science/Engineering, Math, Information Security, Information Systems, Information Assurance, Information Security Management, Intelligence Studies, Data Science, Cybersecurity, or other related field.
Technical Skills:
Proven experience in security risk management, including risk assessments, issue management, policy governance, and risk mitigation, with expertise in GRC tool implementation (ServiceNow).
Practical experience with policy and regulatory requirements such as SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, PCI-DSS and frameworks such as NIST Risk 800-34, NIST 800-53, etc.
Advanced technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures.
Soft Skills:
Proven track record of successfully collaborating with cross-functional teams across multiple regions to achieve business objectives.
Ability to build rapport and maintain relationships across functions within the company, with external vendors, and with governmental teams.
Ability to think strategically about risks and tie those risks to tactical organizational activities.
Program and Project Management:
Program and project management experience in scoping, work break-down, critical path analysis, resourcing, managing time and cost estimates, project risks, and quality.
Bonus Points:
Experience with leading GRC products, such as ServiceNow, and/or cloud environments, including CrowdStrike products or services.
Practical experience in Software Development and Secure Coding best practices.
Ideal Candidate: We're looking for a seasoned security professional with expertise in risk management, cybersecurity principles, and effective communication.
Expert-level understanding of current processes and a proactive approach to improving CrowdStrike's risk posture and GRC program
Strong collaboration and communication skills, with the ability to work effectively across all levels of the organization
Relevant certifications (e.g. CISSP, CISM, CRISC) and experience in a similar role
What We Offer: The opportunity to work in a fast-paced, secure, and empowered environment in the tech industry, with a team of experienced security professionals.
#LI-Remote
#LI-RC1
Benefits of Working at CrowdStrike:
Remote-friendly and flexible work culture
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe
CrowdStrike is proud to be an equal opportunity and affirmative action employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. Our approach to cultivating a diverse, equitable, and inclusive culture is rooted in listening, learning and collective action. By embracing the diversity of our people, we achieve our best work and fuel innovation - generating the best possible outcomes for our customers and the communities they serve.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
CrowdStrike, Inc. is committed to fair and equitable compensation practices. The base salary range for this position in the U.S. is $0 - $0 per year + variable/incentive compensation + equity + benefits. A candidate's salary is determined by various factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location.Expected Close Date of Job Posting is:02-24-2025* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CISM CISSP Cloud Compliance Computer Science CRISC CrowdStrike GDPR Governance ISO 27001 NIST NIST 800-53 Product security Risk assessment Risk management SOC 1 SOC 2 Strategy
Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Flex vacation Salary bonus
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.