Manager, InfoSec Governance, Risk & Compliance (Remote)

United States - Remote

SentinelOne

SentinelOne vereint Endpunkt-, Cloud-, Identitäts- und Datensicherheit. Angereichert durch unseren Security Data Lake für eine nahtlose und effiziente Cybersecurity.

View company page

About Us:

SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. 

We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people that will drive team success and collaboration across SentinelOne. If you’re enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!

What We Are Looking For:

We are looking for a highly motivated, collaborative Manager, InfoSec Governance, Risk & Compliance (GRC) with a security-throughout mindset who can balance risk, business drivers and timelines. This position will be responsible for managing the Risk and Compliance team and understanding and supporting the design of SentinelOne's organizational, procedural and technological security controls within the context of the security frameworks applicable to SentinelOne. The selected employee will help implement, automate, document and maintain controls while supporting and responding to inquiries from internal and external stakeholders.

Our Team:

This is a rare opportunity to work with some of the best InfoSec minds on the internal security of a growing information security company! You’ll be working in an industry leading high-tech cybersecurity company. Our global teams are at the front-line of defense against cyberattacks, combining unmatched cyber security knowledge! We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.

What You Will Do:

  • Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth
  • Participate in internal Security and Compliance program and track recurring controls, such as SSAE 18 SOC 2, ISO 27001/27002
  • Help support customer security reviews, RFPs and external security and privacy inquiries
  • Help support internal/external audits and evidence collection
  • Document new and update existing policies, procedures, standards and resources
  • Participate in Security Awareness program, train personnel on data security and privacy-related processes and responsibilities
  • Participate in defining, collecting and tracking various Security Metrics

What Skills and Knowledge You Should Bring:

Required Qualifications:

  • 10+ years of experience working in Information Security or Compliance
  • 5+ years of experience managing InfoSec professionals 
  • Experience with, and strong understanding of, at least several of the following security compliance frameworks, controls, and best practices: COSO, SSAE 18 SOC 2, SOX ITGC, ISO 27001/27002, GDPR, NIST 800-53, PCI, HIPAA and other applicable regulatory compliance frameworks
  • Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness and training, BC/DRP, etc.
  • Ability to balance risk, potential impact, resourcing, business drivers, and timelines
  • Ability to work closely with cross-functional stakeholders
  • Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers
  • Experience working with both technical and non-technical teams
  • Ability and desire to understand the intent of requirements and provide effective recommendations
  • Ability to prioritize in a highly dynamic work environment

Preferred Qualifications:

  • Advanced degree in computer science, information technology or Information security
  • Relevant certifications (e.g., ISO 27001 LA/LI, CISA, CISM, CISSP, CEH, CCSK, etc.)
  • Ability to assess and pragmatically define scope and relevant controls
  • Strong desire to learn and continuously develop and deepen technical skills

#LI-AK3

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles. 

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Audits CEH CISA CISM CISSP Compliance Computer Science Encryption GDPR Governance HIPAA ISO 27001 Network security NIST Privacy Risk management SOC SOC 2

Perks/benefits: Startup environment Transparency

Regions: Remote/Anywhere North America
Country: United States
Job stats:  28  7  1

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.