Information Security - Senior Risk Analyst

We’re always on the search for amazing people. People who have a real passion for what they do and are masters at their craft. We are looking for a Senior Risk Analyst to join our team in Information Security (InfoSec). The InfoSec team leads the strategy, policy, and programs for information security company-wide. Our responsibilities include risk management, implementing a holistic security program, driving compliance initiatives, recommending and implementing security controls, preventing and detecting security threats, and handling incident response. We do all of this in a globally distributed company, thinking differently about how to best achieve critical information security objectives.

• Are you passionate about helping an organization establish and maintain a risk-based approach to achieve strong security posture?
• Do you want to be in a role that significantly supports the overall success of the team and company?

This could be your dream job, and we'd love to meet you!

What you will be doing:

• Helping build Elastic’s quantified risk management program; we are taking a very non-traditional approach by using actual numbers and our own ELK stack. Ideally, you have a background in statistics, math, or another quantitative field with some level of technical acumen.
• Conducting risk assessments to support a variety of different processes such as vendors, control non-conformance, and top risks, through an approach that is relevant and aligned with how we operate as an organization
• Striving for continuous improvement - continuously learning and challenging ourselves every day

What you've done:

• Background in statistics, math, or another quantitative field; Python scripting skills are highly preferred
• Built a career of meaningful work experience across engineering and IT organizations
• Led and owned initiatives that crossed teams or departments
• Knowledge of risk assessments for a global organization; FAIR experience would be a bonus
• Educated all levels of an organization in an approachable manner and tailored your message to fit your audience
• Experience with our ELK stack would be a bonus
• Experience with Github and version control would be a bonus
• Relevant certifications such as CISSP or CRISC would be a bonus