Risk and Compliance Manager
Canada, Israel, Romania, or Remote
Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.Every day, the world gets more digital thanks to tens of millions of developers building the future faster than ever. But with exponential growth comes exponential risk, as outnumbered security teams struggle to secure mountains of code. This is where Snyk (pronounced “sneak”) comes in. Snyk is a developer security platform that makes it easy for development teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and cloud infrastructure — and do it all right from the start. Snyk is on a mission to make the world a more secure place by empowering developers to develop fast and stay secure.
All roles listed as ‘remote’ are available as remote within the same country.
Overview
Snyk is looking for a Risk and Compliance Manager to own, maintain and continuously develop our Supplier Enterprise Risk and Supplier Risk Management process.
Our goal is to help our rapidly growing company continue to innovate and excel while still diligently addressing risks to our customers and employees. This is an individual contributor role reporting into the Director of Compliance, Audit & Assurance, and is n opportunity to further a career in Information Security/ Risk Management under the mentorship of an experienced professional in the field.
You'll spend your time:
- In collaboration with the rest of the GRC Team, defining and evolving the Supplier Risk Management process to meet the future needs of FedRamp moderate compliance
- Working closely with the Procurement Team to classify and assess new suppliers for risk as part of on-boarding
- Reviewing vendor contractual terms to ensure compliance with Snyk Information Security Policies and Standards
- Advising on, documenting and tracking identified supplier risks
- Performing recurring risk assessments of existing suppliers and internal functions
- Collaborating on other areas of Enterprise GRC such as overall Risk Management, Audit and Compliance Programs as well as Business Continuity Planning & Incident Management
You should apply if you have:
- Work experience related to Information Technology, Information Security, GRC, FedRAMP or business processes
- Strong critical thinking and problem solving skills
- Ability to work independently in a remote setting
- Strong written and verbal communication skills
Proven experience in risk management administration
We'd especially love to hear from you if you:
- have experience with FedRAMP/FISMA/NIST 800-53 Vendor Management
- have CRISC certification (or equivalent)
- are familiar with project planning and management
- are excited by Snyk’s mission, open-source, or developer tools
Interested?
Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)
#LI-HW1
#LI-remote
We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!
About Snyk
Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk.
Benefits & Programs
Prioritize health, wellness, financial security, and life balance with programs tailored to your location and role.
- Flexible working hours, work-from home allowances, in-office perks, and time off for learning and self development
- Generous vacation and wellness time off, country-specific holidays, and 100% paid parental leave for all caregivers
- Health benefits, employee assistance plans, and annual wellness allowance
- Country-specific life insurance, disability benefits, and retirement/pension programs, plus mobile phone and education allowances
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Cloud Compliance CRISC FedRAMP FISMA NIST NIST 800-53 Risk assessment Risk management Vendor management Vulnerabilities
Perks/benefits: Career development Flex hours Flex vacation Health care Insurance Parental leave Startup environment Wellness
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open IPS-related jobs