Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market. This role is responsible for performing technical security risk assessments, including conducting assessments, writing risk reports, recommending mitigation steps, monitoring mitigation plans and assessing residual risk as part of the continuous risk management lifecycle.
Continuously perform the steps in the Risk Management Lifecycle including the following:
- You will conduct technical security risk assessments to identify security gaps and the level of risk they represent to the business (must have knowledge of Cloud security)
- You will scope the assessment to draft measurable risk statements
- You will understand technical implementation details vital to assess and recommend security control improvements and identify compensating controls
- You will draft findings and provide fact based evidence to accurately drive the calculation of the risk score
- You will partner with the business to validate the business and technology elements relied upon to analyze the risk
- You will lead a risk readout (completing the applicable risk template) to enable the risk owner to acknowledge they understand the risk under their ownership.
- You will engage with multi-functional partners to analyze problems, assess risk, develop corrective actions, build consensus and support implementation of mitigation solutions
- You will supervise the status of risk treatment in the applicable GRC tools including Process Unity, JIRA & Splunk to conclusion
- You will assess residual risk following the completion of the risk treatment plan and report residual risk to the risk owner
- You will keep up to date with the latest security and technology developments
- You will cross train with security architecture to ensure consistency in the SGS technical assessment process
- You will collaborate with end users as well as all levels of management, senior leaders; and technical and business resources
- High level of knowledge in the areas of Cloud Infrastructure, Applications and coding practices
- Work experience with security concepts including the ability to assess the security aspects of the following: network devices, firewalls, intrusion detection/prevention systems, identity services, web applications, encryption, forensic analysis, penetration/vulnerability tools, Linux/windows/macOS, virtualization, desktop/laptop and mobile devices
- Some experience with assessing security aspects of orchestration via Terraform, Kubernetes, Docker, Puppet, Ansible, etc.
- 3+ years of security experience in one or more of these critical areas: Information Security Technology, Engineering, Operations, and Technology Infrastructure.
- Communicate data, facts, and analysis regarding operational delivery
- 5+ years of cyber risk management experience
- Big 4, Consulting or IT internal audit experience [preferred]
- Certifications: CISA, CISM, CISSP, CRISC (one or more)
- Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant environments
- Communicate and present concisely and efficient based on the appropriate level of management
- Manage challenging deadlines and prioritize responsibilities to effectively meet business needs
- Support and mentor team members
- Work both independently and together with your team at all levels and across departments
- Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
- Possess sophisticated interview skills to tailor the types of questions based on responses provided by internal personnel or supplier contacts
- Bachelor of Science degree in Computer Science or related subject area or equivalent practical experience.
- 8 years information security experience or a combination of information technology work experience and information security experience.
- Demonstrate proven knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRamp and other information security and control frameworks.
- Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to clients, vendors, senior management and staff and ability to apply knowledge and deductive reasoning.
- Strong analytical, problem solving, organizational, documentation; time management skills. Strong attention to detail. Positive relationship and facilitation skills.
- Proficient with Google Suite applications.
- Eligible to work in the United States without company sponsorship
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.