Sr. Manager - Security Assurance

Pune

Druva

Druva's SaaS platform is a fresh take on data security backed by a $10M guarantee. Protect your data wherever it lives with our cloud-based security solution.


About Druva 

Druva, the autonomous data security company, puts data security on autopilot with a 100% SaaS, fully managed platform to secure and recover data from all threats. The Druva Data Security Cloud ensures the availability, confidentiality, and fidelity of data - providing customers with autonomous protection, rapid incident response, and guaranteed data recovery. The company is trusted by its more than 6,000 customers, including 65 of the Fortune 500, to defend business data in today’s ever-connected world. Amidst a rapidly evolving security landscape, Druva offers a $10 million Data Resiliency Guarantee ensuring customer data is protected and secured against every cyber threat. Visit druva.com and follow us on LinkedIn, Twitter and Facebook.

Establish a formal and robust Risk Management/Governance Program which will identify and assess risks to build realistic plans to remediate and sustain a control environment driven by multiple compliance frameworks.

Summary:-

The Sr. Manager of Security Assurance will be responsible for all initiatives directed at building trust and confidence in Druva’s data security, privacy, and compliance posture. Additionally, they will lead Druva’s Third-Party Risk Management program and drive execution and improvement of our security culture initiatives around phishing and security awareness.

 

Preferred Qualifications:-

  1. Background in or strong understanding of security compliance and privacy frameworks (SOC 2, ISO 27001, HIPAA, CSA STAR, NIST)
  2. Demonstrable knowledge of OWASP Top-10 Web Application Vulnerabilities and related risks and countermeasures
  3. Working protocol-level understanding of At-Rest and In-Motion Encryption fundamentals (TLS/SSL, BCrypt, PKI, SHA1, AES, etc.)
  4. Knowledge of AWS and security controls native to AWS
  5. Technical Understanding of SaaS Multi-tenant architectures
  6. Ability to threat model and assess security risk of interconnected systems and data flows
  7. Proven experience collaborating with sales and engineering teams
  8. Demonstrable customer communication experience around security matters
  9. Experience implementing or using any TPRM tools or platforms (e.g. KY3P, ProcessUnity, ServiceNow, CyberGRX, etc.)
  10. Knowledge of technical domains such as network security, cloud security & application security
  11. Exceptional communication skills, critical thinking ability and strong bias for ownership & learning
  12. Experience leading teams, building and monitoring cross-functional scaled-up processes to achieve business objectives
  13. At least 12 years of experience in a technology discipline, preferably 8+ years in the cyber security domain

 

Responsibilities:-

  1. Own and drive the processes to provide expert internal support for security and compliance due diligence requests
  2. Work and co-ordinate with internal security teams (Cyber Defence, Product Security, Compliance), Engineering functions and customer account teams to provide timely and high-quality responses to security queries from prospects and customers
  3. Manage incoming security support requests including security focused questionnaires, customer audits, and client-driven penetration tests as needed
  4. Develop and maintain customer-facing security policies and documentation, and manage Druva's online trust portal
  5. Ensure customer security documentation and external artifacts are up to date and accurate as per current-state security policies
  6. Evaluate and set the strategy for Druva’s third-party risk management program
  7. Conduct holistic security assessments of Druva’s existing & new vendors to identify and mitigate potential risks.
  8. Stay informed about current security vulnerabilities and incidents, and assess exposure through Druva’s vendor landscape
  9. Own and drive risk reduction in Druva’s external attack surface
  10. Develop and execute an improvement strategy for phishing simulations and security training of our employees

 

 

Category: Leadership Jobs

Tags: AES Application security Audits AWS Cloud Compliance Encryption Governance Incident response ISO 27001 Monitoring Network security NIST OWASP PKI Privacy Product security Risk management SaaS Security assessment SOC SOC 2 Strategy TLS Vulnerabilities

Region: Asia/Pacific
Country: India
