Security Risk Manager

Job Location

Vancouver - Canada

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

About Pantheon

Pantheon's WebOps Platform powers the open web, running more than 300,000 sites in the cloud for customers including Google, Princeton, Salesloft and Doctors Without Borders. Every day, thousands of developers and marketers create, iterate and scale WordPress and Drupal sites to reach billions of people globally. Pantheon's multitenant, container-based platform enables organizations to manage all of their websites from a single dashboard. Organizations including Clorox and the United Nations drive results through accelerated development and real-time publishing using Pantheon's collaborative workflows.

The Role

Drive technical risk excellence across Pantheon as a key member of our Governance, Risk and Compliance (GRC) team. You'll collaborate with teams throughout the organization to transform security risk initiatives into sustainable programs that support our business growth, compliance requirements and security objectives. By combining your risk expertise with program management skills, you'll help shape the future of Pantheon's GRC strategy while solving complex challenges critical to Pantheon's continued growth and success.

About The Team

Our GRC team serves as the second line of defense and works closely with Information Security, IT, Product, Engineering, Legal and other departments to ensure comprehensive risk management across Pantheon. We create and maintain processes that identify, assess and mitigate risk. The GRC team plays a vital role in supporting Pantheon's commitment to delivering a secure, reliable and available platform for our customers.

Remote, Canada-based
We are only considering candidates based in Canada for this position, with a preference for those located in Vancouver, BC or Toronto, ON.

What You Need to Succeed:

  • Define the Risk Management Methodology: The Risk Manager is responsible for creating and documenting Pantheon's overall approach to risk. This includes defining the criteria for what constitutes an acceptable level of risk (risk appetite), how to score the likelihood and impact of a risk, and how to ultimately treat those risks. This ensures everyone in the organization is on the same page and using a consistent process.
  • Lead the Risk Assessment Process: This is the most crucial part. The Risk Manager orchestrates and guides the process of identifying, analyzing and evaluating all information security risks. This individual ensures that all assets, from data and software to physical devices and intellectual property, are considered. The Risk Manager works with different departments to identify potential threats and vulnerabilities.
  • Develop the Risk Treatment Plan (RTP): Once risks are identified and assessed, the Risk Manager develops the formal plan for how to address each one. ISO 27001 gives four main options for risk treatment:
    • Modify: Implementing controls to reduce the risk. This is the most common option.
    • Retain: Accepting the risk because it falls within the acceptable risk appetite.
    • Avoid: Stopping the activity that causes the risk.
    • Transfer: Shifting the risk to a third party, for example through cyber insurance or outsourcing.

The Risk Manager documents these treatment option decisions and ensures each risk has a designated risk owner who is accountable for its treatment.

  • Create the Statement of Applicability (SoA): This is a critical document for ISO 27001 certification. The Risk Manager is responsible for compiling the SoA, which details all the controls from ISO 27002 that Pantheon has selected to mitigate its identified risks. The SoA also includes justifications for any controls that were deemed unnecessary and not included.
  • Monitor and Report: The Risk Manager continuously monitors the effectiveness of the implemented controls and the overall risk environment. The individual provides regular reports to the Director of GRC on Pantheon's risk posture, any new or emerging threats, and the status of the risk treatment plan. This ensures that the ISO 27001 Information Security Management System (ISMS) is always evolving to meet new challenges.
  • Maintain Risk-Related Documentation: A significant part of the Risk Manager's job is maintaining all the necessary documentation, including the risk register, the risk treatment plan and the statement of applicability. This is essential for a smooth audit process.

What You Bring to the Table

  • Risk Management Expertise: 6 years of a strong background in formal risk management frameworks such as ISO 27001/ISO 27005, NIST SP 800-30 or others.
  • Risk Registers Experience: Experienced in implementing and maintaining comprehensive risk registers and control inventories.
  • Communication & Collaboration: The ability to effectively and proactively work across teams (Information Security, IT, Product, Engineering, Legal, etc.) to gather information and ensure buy-in.
  • Analytical Skills: The ability to analyze data and make informed decisions about risk prioritization and treatment.
  • GRC's Role: An understanding of GRC's role within broader security and risk management contexts.
  • GRC Tool Proficiency: Experience with GRC platforms (especially Vanta or OneTrust) can be a huge plus, as they can streamline documentation, evidence collection and reporting.
  • Certifications: Certifications like CRISC (Certified in Risk and Information Systems Control) or ISO 27001 Lead Implementer are highly valuable as they demonstrate a proven understanding of the domain.

What We Offer

We have all the usual perks and benefits, but what we can really offer you is a fantastic work environment powered by an amazing team.

  • Industry competitive compensation and equity plan
  • Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
  • Full medical coverage (extended health care, dental, vision)
  • In-office workspace (Vancouver)
  • Top-of-line equipment
  • Monthly allowance for wellness and reading, and access to LinkedIn Learning for continued development
  • Events and activities, both team-based and company-wide, that inspire, educate and cultivate

The Canadian base salary range for this position is between 00 CAD per year. Our salary ranges are determined by role, level and location.

Pantheon is an equal opportunity/affirmative action employer, and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.

Required Experience:

Manager

Employment Type

Full Time
