Splunk is the leader in big data and machine learning analytics, with a significant presence in the cyber security market. In this role you will lead risk assessments, using security tools and relying on technical expertise to identify and report security gaps to senior leadership and risk owners. You will also lead the rollout of security standards to key business units to improve Splunk's security posture. In addition, this role will cross-train and collaborate with Splunk's Security Architecture & Security Engineering teams to ensure consistency in the SGS technical assessment process.
Identify Security Risk
- You will conduct technical security risk assessments to identify threat scenarios and security impacts and the level of risk they represent to the business
- You will understand technical implementation details vital to assess and recommend security improvements and identify compensating controls
- You will draft risks and provide fact-based evidence to accurately drive the calculation of the risk score
- You will lead a risk readout (completing the applicable risk template) to enable the risk owner to acknowledge they understand the risk under their ownership
- You will engage with multi-functional partners to analyze issues, assess risk, develop recommendations, build consensus and support implementation of remediation solutions
- You will track the status of risk treatment in the applicable GRC tools including Jira and Splunk to conclusion
- You will support the development and production of metrics, including but not limited to operational metrics, KPIs, KRIs and SLAs
- You will keep up to date with the latest security and technology developments
- You will educate control owners on security standards to improve Splunk's security posture and assess the efficacy of implementation as part of the risk assessment
- You will collaborate with and provide feedback to Splunk's Compliance and Enterprise Risk Management teams on new control recommendations
- You will train and mentor less technical members of the team on the technical aspects of security gaps
- Practical work experience with security concepts including the ability to assess the security aspects of the following: network devices, firewalls, intrusion detection/prevention systems, identity services, web applications, encryption, forensic analysis, penetration/vulnerability tools, Linux/Windows/macOS, virtualization, desktop/laptop and mobile devices
- Demonstrate solid knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRAMP and other information security and control frameworks.
- Strong technical knowledge of Cloud infrastructure, applications and coding practices preferred
- Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
- Big 4, Consulting or IT internal audit experience [preferred]
- Certifications: CISA, CISM, CISSP, CRISC (one or more)
- Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant environments
- Communicate and present concisely and efficiently based on the appropriate level of management
- Bachelor of Science degree in Computer Science or related subject area or equivalent practical experience.
- 3+ years information security experience or a combination of information technology work experience and information security experience.
- Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to clients, vendors, senior management and staff and ability to apply knowledge and deductive reasoning.
- Strong analytical, problem-solving, organizational, documentation and time management skills. Solid attention to detail. Positive relationship and facilitation skills.
- Eligible to work in the United States without company sponsorship