Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market. This position provides cyber risk owners with the information they need to make informed risk decisions. Risk management is a core function of Splunk’s Cyber Security team and this role is responsible for identifying and assessing Splunk’s cyber risk, communicating risk to the Risk Owners and supporting them as they decide how to address the risk they own. Business areas supported include Splunk’s Cloud product, IT operations and corporate functions. The success of the risk program is realized by how effective the organization enables risk owners to handle their risk.
- You will conduct ad-hoc risk assessments to identify security gaps and the level of risk they represent to the business
- You will ensure critical and high priority issues are identified and resolved
- You will draft findings and provide evidence to accurately drive the calculation of the risk score.
- You will scope the assessment to draft actionable risk statements.
- You will lead a risk readout (completing the applicable risk template) to enable the risk owner to acknowledge they understand the risk under their ownership.
- You will partner with the business to validate the business and technology elements relied upon to analyze the risk
- You will track the status of risk treatment in the applicable GRC tools including Process Unity & JIRA to conclusion
- You will engage with multi-functional partners to analyze issues, assess risk, develop recommendations, build consensus and support implementation of remediation solutions
- You will support the development and production of metrics, including but not limited to, operational metrics, KPI’s, KRI’s and SLA’s
- You will keep up to date with the latest security and technology developments
- You will collaborate with end users as well as all levels of management, senior leaders; and technical and business resources
- You understand how risk impacts business operations, revenue, brand equity, and customer confidence
- You have one or more of the following certifications, CISA, CRISC, CISSP, CISM
- You demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant environments
- You communicate and present concisely and effectively based on the appropriate level of management
- You manage competing deadlines and prioritize responsibilities to effectively meet business needs
- You support the development and training of less experienced staff
If you have:
- 4-6 years of experience in information security risk management or Information technology risk management
- Ability to work effectively as part of a regional and global Technology Risk team, serving a large diverse Technology community
- Infrastructure security knowledge in Windows Server, Desktop OS and applications, Unix/Linux OS, Storage, Networking hardware and protocols, Market Data, Databases and Exchange Connectivity, Remote Access, Firewall and IDS/IPS technology, Voice and Audio Visual platforms, and experience in configuration and vulnerability management an advantage
- Understanding of the business functions and the Technology role in a product and cloud provider environment a significant advantage
- You demonstrate strong analytical & communication skills
- Ability to handle both time and workload of multiple tasks without constant supervision as part of a distributed team
- Demonstrated consistent ability to support cross-functional teams that deliver solutions while mitigating or removing hurdles / obstacles
- BS/ BA, MS/ MA degree or equivalent work experience
- Eligible to work in the United States without company sponsorship
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.