Join us as we pursue our ground-breaking new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!
Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market. In this role you will lead risk assessments using security tools and relying on technical expertise to identify and report security gaps to senior leadership and risk owners. You will also lead the roll out of security standards to key business units to improve Splunk's security posture. In addition, this role will cross train and collaborate with Splunk's Security Architecture & Security Engineering teams to ensure consistency in the SGS technical assessment process.
Identify Security Risk
- You will conduct technical security risk assessments to identify security gaps and the level of risk they represent to the business
- You will understand technical implementation details vital to assess and recommend security control improvements and identify compensating controls
- You will draft risks and provide fact based evidence to accurately drive the calculation of the risk score
- You will lead a risk readout (completing the applicable risk template) to enable the risk owner to acknowledge they understand the risk under their ownership
- You will engage with multi-functional partners to analyze issues, assess risk, develop recommendations, build consensus and support implementation of remediation solutions
- You will track the status of risk treatment in the applicable GRC tools including Jira and Splunk to conclusion
- You will support the development and production of metrics, including but not limited to, operational metrics, KPI’s, KRI’s and SLA’s
- You will keep up to date with the latest security and technology developments
- You will educate control owners on security standards to improve Splunk's security posture and assess the efficacy of implementation as part of the risk assessment
- You will collaborate with and provide feedback to Splunk's Compliance and Enterprise Risk Management teams on new control recommendations
- You will train and mentor less technical members of the team on the technical aspects of security gaps
- Practical work experience with security concepts including the ability to assess the security aspects of the following: network devices, firewalls, intrusion detection/prevention systems, identity services, web applications, encryption, forensic analysis, penetration/vulnerability tools, Linux/windows/macOS, virtualization, desktop/laptop and mobile devices
- Demonstrate solid knowledge of information security risks and countermeasures and PCI, HIPAA, SOC2, ISO 27002, FedRamp and other information security and control frameworks.
- Strong technical knowledge of Cloud infrastructure, applications and coding practices preferred
- Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
- Big 4, Consulting or IT internal audit experience [preferred]
- Certifications: CISA, CISM, CISSP, CRISC (one or more)
- Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant environments
- Communicate and present concisely and efficiently based on the appropriate level of management
- Bachelor of Science degree in Computer Science or related subject area or equivalent practical experience.
- 8+ years information security experience or a combination of information technology work experience and information security experience.
- Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to clients, vendors, senior management and staff and ability to apply knowledge and deductive reasoning.
- Strong analytical, problem solving, organizational, documentation; time management skills. Solid attention to detail. Positive relationship and facilitation skills.
- Eligible to work in the United States without company sponsorship
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.