Job ID: 7529302003

What are we looking for?

We are looking for a highly motivated, collaborative and experienced Senior InfoSec Risk Specialist with a security-focused mindset who can balance risk, business drivers and timelines. This position will be responsible for understanding and supporting the design of SentinelOne's organizational, procedural and technological security controls within the context of the security frameworks applicable to SentinelOne. In addition, you will be responsible for identifying and testing appropriate controls to ensure they are designed, implemented, and operating effectively to mitigate risk. The selected employee will help implement, automate, document and maintain controls while supporting and responding to inquiries from internal and external stakeholders. This individual must be self-directed and be able to work independently and collaboratively. 

What will you do?

• Support the planning and performance of IT risk-based security audits and projects, risk assessments, execution of fieldwork and communication to stakeholders.
• Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth.
• Collaborate with process and control owners through the audit lifecycle for process documentation updates, testing coordination, remediation of identified deficiencies and advising on internal control enhancements or process changes, as appropriate.
• Proactively manage audit findings, tracking and documentation of status updates obtained via action owners, and timely execution of remediation activities.
• Participate in internal security and compliance programs and track recurring controls, such as SSAE 18 SOC 2, ISO 27001/27002.
• Provide control consultative support to the business to assist in redesign efforts to improve the control environment and identify opportunities for control improvements with the objective of mitigating risk and improving compliance and operational performance.
• Help support internal/external audits and evidence collection via a GRC tool.
• Document new and update existing policies, procedures, standards and resources
• Participate in Security awareness program, train personnel on data security and privacy-related processes and responsibilities.
• Help support customer security reviews, RFPs and external security and privacy inquiries.
• Participate in defining, collecting and tracking various Security Metrics.

What skills and experience should you bring?

• 5+ years of experience working in information security, risk or compliance.
• Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness and Training, BC/DRP, etc.
• Ability to perform internal audits with minimal direct supervision, exhibit professional audit judgment and have experience in a broad range of audit projects such as SSAE 16/18 SOC 2, ISO 27001/2, NIST.
• Strong risk management experience, performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk.
• Strong project management skills and ability to manage a variety of projects simultaneously to completion within the agreed timelines.
• Excellent collaboration and interpersonal skills. Must be able to communicate with all levels in the organization.
• Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers.
• Experience working with both technical and non-technical teams.
• Ability and desire to understand the intent of requirements and provide effective recommendations.
• Ability to prioritize in a highly dynamic work environment.

Our Preferred Qualifications:

• Advanced degree in computer science, Information Technology, Information Security or related field.
• Experience with, and strong understanding of common Security Compliance frameworks, controls, and best practices such as COSO, SOC 2, SOX ITGC, ISO 27001/27002, GDPR, PCI, NIST and other applicable regulatory compliance frameworks.
• Relevant certifications (ISO 27001 LA/LI, CISA, CISM, CISSP, CRISC, etc.)
• Ability to assess and pragmatically define scope and relevant controls.
• Strong desire to learn and continuously develop and deepen technical skills.

Why us?

You will be joining a cutting-edge company where you will tackle extraordinary challenges and work with the very best in the industry.

• Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
• Unlimited PTO
• Industry-leading gender-neutral parental leave
• Paid Company Holidays
• Paid Sick Time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement
• Numerous company-sponsored events, including regular happy hours and team-building events