Job Details
Cyber Risk Manager
**A Little About Us**
Innovative, collaborative minds wanted. The world loves Postgres. We envision a world where organizations thrive by harnessing the full power of Postgres, the world's fastest growing and most loved and used open source database. Our mission is to enable data teams everywhere to harness the full power of Postgres, whether on premises or in the cloud, with high availability, reliability, scalability, and security.
We're #1 in Postgres. We aspire to become #1 in Postgres AI. We've been major contributors to Postgres since the beginning and we are proud to call thousands of boundary-pushing customers our partners. Proud though we are, we are not resting on our laurels. There's plenty of work to do. The good news is that everything we do will impact Postgres, which is to say that it will impact the world. No pressure.
EDB empowers organizations to take control of their data. As one of the leading contributors to the vibrant and fast-growing Postgres community, EDB is committed to driving innovation in AI, data and enterprise database technology. Our work is fueled by creative, dedicated people who are committed to help our customers and the community take Postgres everywhere. Join us!
**Job Summary**
As a **Cyber Risk Manager** at EDB you report directly to the Director of Information Risk Director and are a trusted member of the CISO staff. Your role leads the transformation of the security controls that help drive business growth and reduce downside information risks. You work closely with peers and stakeholders to clearly articulate technical objectives and implementation requirements for the internal security program and product capabilities. You are responsible for understanding multiple security frameworks, translating objectives, partnering with stakeholders on control design, implementation, and other security initiatives. EDB is embarking on a large transformation of the security program for which you will be a leading voice of change for the business.
The ideal candidate must be comfortable working in a global environment that supports flexible work schedules, and a distributed security model. Whether you are looking to expand autonomy in your role, build a new security foundation, or just needing a change of pace this role is for you!
**Candidate Note: This role is 100% remote. We are targeting candidates located in the United States.
**What your impact will be:**
+ Perform information risk assessments using EDB's common control framework, procedures, and policies against a combination of infrastructure, development, and business domains
+ Define technical security requirements for new products, features, and internal controls ensuring they meet industry standards and address key customer security risks.
+ Collaborate effectively with cross-functional teams, including product, engineering, marketing, and legal, to ensure security is integrated throughout the organization.
+ Identify key security challenges and opportunities related to our program and establish a strategic roadmap to address them.
+ Serve as an expert on security frameworks and objectives by assisting owners as they define new control activities, procedures and implementation
+ Partner with Information Security Program Management on the roadmap and execution of key security initiatives across EDB's business units
+ Identify issues with current and future control implementations with the ability to communicate with an emphasis on collaboration and action
+ Evaluate third party risk found in new products, integrations, and services introduced into EDB portfolio and the on-going evaluation of suppliers
+ Continuously improve operational risk management practices with engineering teams to assist with prioritization of security debt
+ Support enterprise risk management practices and drive strategic mitigation planning
**What you will bring:**
+ Extensive experience conducting technical security control analysis within regulated environments
+ Past responsibilities managing cyber threats, vulnerabilities, and the ability to translate business impacts
+ Ability to perform qualitative and quantitative analysis of risks, including mitigating action plans
+ Experience assessing technical footprints found within both on-prem and cloud environments
+ Strong experience with auditing security objectives of one or more of the following: SOC2, PCI, HIPAA, SSDF, FedRAMP (800-53), ISO 27001
+ Effective communication skills with the ability to translate technical concerns into business risks impacts
+ Personal management of multiple projects, security events and incidents as required for the role
+ Seek to understand, lead with a collaboration first approach
**What will give you an edge:**
+ Deep knowledge of the MITRE ATT&CK Framework, attack chains and attack path mapping
+ Familiarity with Open FAIR or other quant based cyber risk methodologies
+ Deep understanding of security frameworks such as NIST CSF, ISO 27001, SOC2, HIPAA, SSDF and FedRAMP
+ Minimum of 5 years of experience in product security or a related field.
+ Proven track record of developing and implementing successful security strategies
+ Strong understanding of secure coding practices, threat modeling, and vulnerability management
+ Experience working in a fast-paced, agile environment.
+ Relevant security certifications (e.g., CISSP, CISM) preferred
\#LI-Remote
EDB is committed to supporting our employees' overall well being by offering a range of benefits and resources to promote a healthy work-life balance and wellness. We provide access to Modern Health to aid employees in health and wellness tips and practices, as well as Wellness Fridays extending to June 2024! Check out our career site for more information on perks and benefits and reach out to our Talent Acquisition team for region specific benefits.
We know it takes a unique mix of people and skills to help us in our mission to supercharge Postgres, and we understand that not everyone will check every box. We'd love to hear from you and we want you to apply!
EDB is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. EDB was built on a commitment to trust and respect each other and to embrace an array of people and ideas. These values remain at the center of our culture and are key to our company's integrity.
EDB does not seek or accept unsolicited resumes or CVs from recruitment agencies. EDB and its affiliates are not responsible for, and will not pay, any fees, commissions, or any other similar payment related to unsolicited resumes or CVs except as required in a written signed agreement between EDB and the recruitment agency or party requesting payment of a fee.
\#LI-Remote #BI-Remote
Innovative, collaborative minds wanted. The world loves Postgres. We envision a world where organizations thrive by harnessing the full power of Postgres, the world's fastest growing and most loved and used open source database. Our mission is to enable data teams everywhere to harness the full power of Postgres, whether on premises or in the cloud, with high availability, reliability, scalability, and security.
We're #1 in Postgres. We aspire to become #1 in Postgres AI. We've been major contributors to Postgres since the beginning and we are proud to call thousands of boundary-pushing customers our partners. Proud though we are, we are not resting on our laurels. There's plenty of work to do. The good news is that everything we do will impact Postgres, which is to say that it will impact the world. No pressure.
EDB empowers organizations to take control of their data. As one of the leading contributors to the vibrant and fast-growing Postgres community, EDB is committed to driving innovation in AI, data and enterprise database technology. Our work is fueled by creative, dedicated people who are committed to help our customers and the community take Postgres everywhere. Join us!
**Job Summary**
As a **Cyber Risk Manager** at EDB you report directly to the Director of Information Risk Director and are a trusted member of the CISO staff. Your role leads the transformation of the security controls that help drive business growth and reduce downside information risks. You work closely with peers and stakeholders to clearly articulate technical objectives and implementation requirements for the internal security program and product capabilities. You are responsible for understanding multiple security frameworks, translating objectives, partnering with stakeholders on control design, implementation, and other security initiatives. EDB is embarking on a large transformation of the security program for which you will be a leading voice of change for the business.
The ideal candidate must be comfortable working in a global environment that supports flexible work schedules, and a distributed security model. Whether you are looking to expand autonomy in your role, build a new security foundation, or just needing a change of pace this role is for you!
**Candidate Note: This role is 100% remote. We are targeting candidates located in the United States.
**What your impact will be:**
+ Perform information risk assessments using EDB's common control framework, procedures, and policies against a combination of infrastructure, development, and business domains
+ Define technical security requirements for new products, features, and internal controls ensuring they meet industry standards and address key customer security risks.
+ Collaborate effectively with cross-functional teams, including product, engineering, marketing, and legal, to ensure security is integrated throughout the organization.
+ Identify key security challenges and opportunities related to our program and establish a strategic roadmap to address them.
+ Serve as an expert on security frameworks and objectives by assisting owners as they define new control activities, procedures and implementation
+ Partner with Information Security Program Management on the roadmap and execution of key security initiatives across EDB's business units
+ Identify issues with current and future control implementations with the ability to communicate with an emphasis on collaboration and action
+ Evaluate third party risk found in new products, integrations, and services introduced into EDB portfolio and the on-going evaluation of suppliers
+ Continuously improve operational risk management practices with engineering teams to assist with prioritization of security debt
+ Support enterprise risk management practices and drive strategic mitigation planning
**What you will bring:**
+ Extensive experience conducting technical security control analysis within regulated environments
+ Past responsibilities managing cyber threats, vulnerabilities, and the ability to translate business impacts
+ Ability to perform qualitative and quantitative analysis of risks, including mitigating action plans
+ Experience assessing technical footprints found within both on-prem and cloud environments
+ Strong experience with auditing security objectives of one or more of the following: SOC2, PCI, HIPAA, SSDF, FedRAMP (800-53), ISO 27001
+ Effective communication skills with the ability to translate technical concerns into business risks impacts
+ Personal management of multiple projects, security events and incidents as required for the role
+ Seek to understand, lead with a collaboration first approach
**What will give you an edge:**
+ Deep knowledge of the MITRE ATT&CK Framework, attack chains and attack path mapping
+ Familiarity with Open FAIR or other quant based cyber risk methodologies
+ Deep understanding of security frameworks such as NIST CSF, ISO 27001, SOC2, HIPAA, SSDF and FedRAMP
+ Minimum of 5 years of experience in product security or a related field.
+ Proven track record of developing and implementing successful security strategies
+ Strong understanding of secure coding practices, threat modeling, and vulnerability management
+ Experience working in a fast-paced, agile environment.
+ Relevant security certifications (e.g., CISSP, CISM) preferred
\#LI-Remote
EDB is committed to supporting our employees' overall well being by offering a range of benefits and resources to promote a healthy work-life balance and wellness. We provide access to Modern Health to aid employees in health and wellness tips and practices, as well as Wellness Fridays extending to June 2024! Check out our career site for more information on perks and benefits and reach out to our Talent Acquisition team for region specific benefits.
We know it takes a unique mix of people and skills to help us in our mission to supercharge Postgres, and we understand that not everyone will check every box. We'd love to hear from you and we want you to apply!
EDB is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. EDB was built on a commitment to trust and respect each other and to embrace an array of people and ideas. These values remain at the center of our culture and are key to our company's integrity.
EDB does not seek or accept unsolicited resumes or CVs from recruitment agencies. EDB and its affiliates are not responsible for, and will not pay, any fees, commissions, or any other similar payment related to unsolicited resumes or CVs except as required in a written signed agreement between EDB and the recruitment agency or party requesting payment of a fee.
\#LI-Remote #BI-Remote
Job #NLX256351287