About the Team
Rapid7’s Trust & Security Governance team functions within the Information Security department and plays a crucial role in supporting the organization’s mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, identifying and managing security risk, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, Procurement, and many other teams at Rapid7.
About the Role
We’re looking for a Senior Security Risk Analyst who will assist in the development and execution of consistent information security risk management practices and partner closely with stakeholders throughout the organization to drive continued awareness and improvement.
In this role, you will:
Support the information security risk management program, including broader enterprise risk management, vulnerability management, and third-party risk management activities
Assist in the enhancement and execution of the Trust and Security Governance Integrated Risk Management framework that guides and informs risk-based decisions, including how risk is defined, assessed, responded to, and monitored over time
Perform third-party risk and vulnerability management activities, including risk analysis, findings creation and reporting, and remediation monitoring
Partner with various stakeholders to ensure appropriate plans are in place to mitigate identified risks and vulnerabilities
Assist with the completion of the annual security risk assessment
Represent Trust and Security Governance on critical security projects
Develop broad knowledge on the implementation of Rapid7’s security controls, policies, and processes across our products and corporate environments
Build positive relationships with partner teams in Marketing, Legal, Sales, Business Operations, People Development, and other teams to continuously improve our internal security culture and external awareness of Rapid7’s security program
Help create metrics to demonstrate the efficiency and effectiveness of our Trust program and to inform continuous program improvements
The skills you’ll bring include:
Experience working in organizational Governance, Risk, and Compliance (GRC) operations; general security operations; and/or IT/security audit
Experience supporting security compliance programs or operations involving frameworks such as ISO 27001, NIST CSF, PCI DSS, FedRAMP, SIG/SCA, SOC 2 Type II, etc.
Experience operating technical security controls/tools in the context of vulnerability management, incident response, cloud security, application security, etc.
Desire to collaborate with internal and cross-functional teams to positively impact organizational objectives
Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams
Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
Insatiable curiosity and desire to challenge conventional approaches to solving problems
We know that the best ideas and solutions come from multi-dimensional teams that reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.
Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We’re on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.
With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.