Cyber Risk Manager

EDB · USA

Company: EDB

Location: USA

Type: Full Time

Job Description

Job Summary

As a Cyber Risk Manager at EDB, you report directly to the Director of Information Risk and are a trusted member of the CISO staff. Your role leads the transformation of the security controls that help drive business growth and reduce downside information risks. You work closely with peers and stakeholders to clearly articulate technical objectives and implementation requirements for the internal security program and product capabilities. You are responsible for understanding multiple security frameworks, translating objectives, and partnering with stakeholders on control design, implementation, and other security initiatives. EDB is embarking on a large transformation of the security program, for which you will be a leading voice of change for the business.

The ideal candidate must be comfortable working in a global environment that supports flexible work schedules and a distributed security model. Whether you are looking to expand autonomy in your role, build a new security foundation, or just need a change of pace, this role is for you!

Candidate Note: This role is 100% remote. We are targeting candidates located in the United States.

What your impact will be:

  • Perform information risk assessments using EDB’s common control framework, procedures, and policies against a combination of infrastructure, development, and business domains

  • Define technical security requirements for new products, features, and internal controls, ensuring they meet industry standards and address key customer security risks.

  • Collaborate effectively with cross-functional teams, including product, engineering, marketing, and legal, to ensure security is integrated throughout the organization.

  • Identify key security challenges and opportunities related to our program and establish a strategic roadmap to address them.

  • Serve as an expert on security frameworks and objectives by assisting owners as they define new control activities, procedures, and implementation

  • Partner with Information Security Program Management on the roadmap and execution of key security initiatives across EDB’s business units

  • Identify issues with current and future control implementations, with the ability to communicate with an emphasis on collaboration and action

  • Evaluate third-party risk found in new products, integrations, and services introduced into the EDB portfolio, and the ongoing evaluation of suppliers

  • Continuously improve operational risk management practices with engineering teams to assist with prioritization of security debt

  • Support enterprise risk management practices and drive strategic mitigation planning

What you will bring:

  • Extensive experience conducting technical security control analysis within regulated environments

  • Past responsibilities managing cyber threats, vulnerabilities, and the ability to translate business impacts

  • Ability to perform qualitative and quantitative analysis of risks, including mitigating action plans

  • Experience assessing technical footprints found within both on-prem and cloud environments

  • Strong experience with auditing security objectives of one or more of the following: SOC2, PCI, HIPAA, SSDF, FedRAMP (800-53), ISO 27001

  • Effective communication skills with the ability to translate technical concerns into business risks and impacts

  • Personal management of multiple projects, security events, and incidents as required for the role

  • Seek to understand, lead with a collaboration-first approach

What will give you an edge:

  • Deep knowledge of the MITRE ATT&CK Framework, attack chains, and attack path mapping

  • Familiarity with Open FAIR or other quant-based cyber risk methodologies

  • Deep understanding of security frameworks such as NIST CSF, ISO 27001, SOC2, HIPAA, SSDF, and FedRAMP

  • Minimum of 5 years of experience in product security or a related field.

  • Proven track record of developing and implementing successful security strategies

  • Strong understanding of secure coding practices, threat modeling, and vulnerability management

  • Experience working in a fast-paced, agile environment.

  • Relevant security certifications (e.g., CISSP, CISM) preferred


Date Posted

04/23/2024
