Senior Manager, IT Governance and Risk Management
Location: Remote - US only
Job Type: Full time
We are currently seeking a dynamic leader with experience in engaging business and technology leaders to structure technology and cyber risk policies, standards, and procedures. This individual will support significant partnerships with various business divisions and risk management organizations to assess, develop, and implement robust risk governance supporting numerous technology risk management practices within Okta's Customer Identity Product Unit (CIPU).
The ideal candidate for this role will have an in-depth understanding of technology and cyber security risk processes and industry-level governance practices, both from a technical and risk management perspective. The associate in this role will be a key leader across respective policy program activities to develop relationships and influence strong risk management across the organization, providing oversight and effective challenge.
- Produce and manage risk governance for technology and cyber control programs, including policy compliance covering the design and effectiveness of technology and cybersecurity controls
- Play a supporting role in identifying areas of cyber risk, providing oversight, analysis, effective challenge, and risk-informed recommendations surrounding policies, standards, and procedures
- Mature standards and policies supporting commercial (e.g., SOC 2, ISO 27001, PCI, HIPAA) and public-sector (FISMA, FedRAMP) attestations
- Draft risk frameworks and proposals for senior management and other stakeholders, potentially including regulatory agencies
- Partner with stakeholders across Application Security and Security Operations to ensure the issue management discipline covers both its implementation and the gaps discovered during its activities
- Working closely with the stakeholder team, create dashboards that provide accurate and timely information on the status of open issues for products and environments in support of continuous monitoring and overall continuous improvement
- Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups
- This role requires the ability to articulate complex technical concepts in a clear, concise, actionable manner through both written products and verbal communications
- Work closely with product, regulatory, privacy, security, engineering, operations, sales, and marketing to initiate and implement issue and risk management discipline. Assist with compliance and security engineering projects as needed
- Assist compliance team with annual risk assessment and drive remediation activity across various teams
- Develop governance, risk & compliance measurements, and metrics to report up to executive management
- Manage the CIPU's Business Continuity / Disaster Recovery programs. This includes routine impact assessments, managing the business continuity policy and plan, maintaining and communicating the CIPU's BCP requirements and planning, overseeing the CIPU's periodic testing of key systems and processes, and working with various business functions to remediate any gaps or vulnerabilities in the process
- Ensure that the CIPU's BCP/DR program complies with regulatory guidance
- Manage the CIPU's Vendor Risk Management program, including security review assessments as needed
- Evaluate and incorporate the vendor risk profile into the overall Operational Risk Assessment
- Bachelor’s degree required; BS in Computer Science, Information Security, or related field.
- Minimum 5 years of experience in the field of Information Security, Cybersecurity, Audit, and/or Compliance is required.
- 3+ years of experience in people & team management.
- Strong project management skills. Must be able to bring order to chaos.
- Ability to manage multiple engagements while maintaining superior results
- 3+ years of SaaS or cloud security experience desirable.
- Deep knowledge of two or more security frameworks (e.g., NIST Cybersecurity Framework, COSO risk framework, NIST SP 800-53, ISO 27001), and the ability to determine measures that satisfy controls, design controls, and identify solutions, is strongly required.
- Strong knowledge of additional security frameworks (CIS Critical Controls, HIPAA, HITRUST, Strategies to Mitigate Cyber Security Incidents, UK Cyber Essentials, etc.) would be desirable.
- At least one professional security management certification, e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)
- Project Management: Plan and manage several projects to meet compliance and security requirements. Effectively communicate with other teams at Okta during the entire project cycle.
(Colorado, New York and Washington only*) Minimum OTE of $154,000/year + equity + benefits
Okta is an Equal Opportunity Employer
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/.
By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta. More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.