GRC Security Risk Manager (Remote)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate an inclusive culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

CrowdStrike is seeking a highly experienced GRC Security Risk Manager to oversee and manage our cybersecurity risk management, issues and exceptions management, policy governance, and control framework programs. This critical role will play a key part in ensuring the security and integrity of our organization.

Responsibilities:

• Oversee and manage CrowdStrike's cybersecurity risk management, issues and exceptions management, policy governance, and control framework programs

• Identify, assess, measure, monitor, and report on information security risks

• Track and remediate security issues and exceptions

• Govern security policy, standards, and controls through CrowdStrike's Governance, Risk, and Compliance (GRC) program

• Collaborate with Security teams, Engineering, and Internal Audit to ensure alignment and effective risk management

• Lead organizational efforts in defining, establishing, managing, and enforcing cybersecurity policies, standards, and procedures

Ideal Candidate: We're looking for a seasoned security professional with expertise in risk management, cybersecurity principles, and effective communication. The ideal candidate will have:

• Expert-level understanding of current processes and a proactive approach to improving CrowdStrike's risk posture and GRC program

• Strong collaboration and communication skills, with the ability to work effectively across all levels of the organization

• Relevant certifications (e.g. CISSP, CISM, CRISC) and experience in a similar role

What We Offer: The opportunity to work in a fast-paced, secure, and empowered environment in the tech industry, with a team of experienced security professionals.

What You'll Do:

Team Leadership:

•  Lead a team of specialist, ensuring their engagement, development, and performance in alignment with expectations.
   

Program Development and Management:

• Develop and implement a comprehensive cybersecurity risk management program to identify, assess, and mitigate risks across the organization.

• Mature and enhanceBuild out the issues and exceptions management program to improve efficiency, effectiveness, user experience, and program scope.

• Mature the policy governance program through content enhancement, stakeholder engagement, and enterprise awareness.

Continuous Improvement:

• Proactively identify areas of improvement within Cyber GRC and lead efforts to address and remediate.

• Perform other duties within the scope of GRC.

What You'll Need:
 

Education and Experience:

• At least 10+ years of job-related experience in a related field, with a preferred BA or BS / MA or MS degree in Computer Science/Engineering, Math, Information Security, Information Systems, Information Assurance, Information Security Management, Intelligence Studies, Data Science, Cybersecurity, or other related field.

Technical Skills:

• Proven experience in security risk management, including risk assessments, issue management, policy governance, and risk mitigation, with expertise in GRC tool implementation (ServiceNow).

• Practical experience with policy and regulatory requirements such as SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, PCI-DSS and frameworks such as NIST Risk 800-34, NIST 800-53, etc.

• Advanced technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures.

Soft Skills:

• Proven track record of successfully collaborating with cross-functional teams across multiple regions to achieve business objectives.

• Ability to build rapport and maintain relationships across functions within the company, with external vendors, and with governmental teams.

• Ability to think strategically about risks and tie those risks to tactical organizational activities.

Program and Project Management:

• Program and project management experience in scoping, work break-down, critical path analysis, resourcing, managing time and cost estimates, project risks, and quality.

Bonus Points:

• Experience with leading GRC products, such as ServiceNow, and/or cloud environments, including CrowdStrike products or services.

• Practical experience in Software Development and Secure Coding best practices.

#LI-RC1
#LI-Remote

Benefits of Working at CrowdStrike:

• Remote-friendly and flexible work culture

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Resource Groups, geographic neighbourhood groups and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

Right to Work

CrowdStrike, Inc. is committed to fair and equitable compensation practices. The base salary range for this position in the U.S. is $110,000 - $190,000 per year + variable/incentive compensation + equity + benefits. A candidate's salary is determined by various factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location.

Expected Close Date of Job Posting is:02-24-2025