About the Team
Rapid7’s Trust & Security Governance team functions within the Information Security department and plays a crucial role in supporting the organization’s mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, identifying and managing security risk, distributing foundational security expertise across every department to create an exceptional security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, Procurement, and many other teams at Rapid7.
About the Role
We’re looking for an Information Security Risk Manager to provide leadership in developing and implementing consistent information security risk management practices, and to partner closely with stakeholders throughout the organization to drive continued awareness and improvement.
In this role, you will:
Manage and enhance the information security risk management program, including participation in broader enterprise risk management, vulnerability management, and third-party risk management activities
Manage and maintain the Trust and Security Governance Integrated Risk Management framework that guides and informs risk-based decisions, including how risk is defined, assessed, responded to, and monitored over time
Partner closely with the Information Security Governance Manager to ensure that the information security risk management strategy keeps pace with evolving global standards, guidelines, regulations, and customer expectations
Establish security risk management procedures that enable the Trust and Security Governance Integrated Risk Management framework, including third-party risk and vulnerability management activities
Enhance and manage the information security risk assessment process against our infrastructure, products, and suppliers
Partner with appropriate teams to craft and report the annual security risk assessment
Establish key metrics and partner with various stakeholders to ensure appropriate plans are in place to mitigate identified risks and vulnerabilities
Provide oversight to ensure information security risk management activities are documented and consistently performed
Work with the Security PMO to ensure projects are properly scoped, tracked, communicated, and completed in an effective and efficient manner
Manage and develop a team of individual direct reports
The skills you’ll bring include:
Demonstrated experience with security audits, security control assessments, risk assessments, and/or compliance program management
Demonstrated experience creating and documenting risk methodologies, maintaining risk registers, performing risk assessments, and driving risk mitigation projects
Experience leading or partnering with third-party risk and vulnerability management programs
Demonstrated experience with security standards/frameworks such as ISO 27001, SOC 2, PCI, FedRAMP, NIST CSF, etc.
Experience managing, developing, and growing diverse teams
Demonstrated experience with executing program initiatives through a distributed team of analysts
Experience developing and driving continuous program improvement
Excellent communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences
Excellent time management and prioritization skills with a proven ability to plan, prioritize, and execute projects independently or in coordination with other teams
Effective negotiating, critical thinking, and problem-solving skills, including the ability to optimize risk mitigation approaches across diverse business units
We know that the best ideas and solutions come from multi-dimensional teams that reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.
Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We’re on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.
With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.