This job has expired, please see additional jobs below
Paranoids Security Risk Manager
Yahoo!
Sunnyvale, CA, United States
Description
Yahoo is a guide focused on making users' daily habits inspiring and entertaining. By creating highly personalized experiences for our users, we keep people connected to what matters most to them, across devices and around the world. In turn, we create value for advertisers by connecting them with the audiences that build their businesses.
A Little About Us
When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet.
We are the information security team at Yahoo. People call us “The Paranoids”.
In this role you will lead and grow a team of risk and compliance analysts. You will work with people from around the company to understand and prioritize security risks through formal risk assessments. This is no ordinary compliance role. We’re looking for someone who is a security professional first, and who has additional skills and experiences to understand, measure and manage risk through formal processes. You will lead the efforts to weave security and risk-based thinking into our business processes.
You’ll partner with teams across the company including IT, Network, Engineering, and Legal to help us protect over a billion users.
A Lot About You
Your Day
• Lead a team of security risk analysts to collect, analyze, and present security metrics company-wide
• Grow this team of risk and compliance analysts
• Serve as the primary point of contact for security and maturity reviews
• Chair a security and risk committee with participants from around the company
• Lead our security awareness initiatives
You Must Have
• Solid knowledge of attacker lifecycles and defender strategies
• Experience collecting, analyzing, and presenting security metrics
• Significant experience managing a security risk/GRC program with security frameworks such as the NIST Cybersecurity Framework or ISO 27001/2
• Experience creating and managing compliance controls, as well as managing internal and external auditors
• Experience with technologies such as networks, encryption, vulnerability management, identity and access management, endpoint management, containers and virtualization, and cloud services
• Experience establishing or managing a risk assessment program, including internal security reviews as well as third-party reviews