Security GRC Specialist
Remote, United States /
Engineering – Trust and Security /
Full-Time
/ Remote
Confluent is pioneering a fundamentally new category of data infrastructure focused on data in motion. Have you ever found a new favorite series on Netflix, picked up groceries curbside at Walmart, or paid for something using Square? That’s the power of data in motion in action—giving organizations instant access to the massive amounts of data that is constantly flowing throughout their business. At Confluent, we’re building the foundational platform for this new paradigm of data infrastructure. Our cloud-native offering is designed to be the intelligent connective tissue enabling real-time data, from multiple sources, to constantly stream across the organization. With Confluent, organizations can create a central nervous system to innovate and win in a digital-first world.
We’re looking for self-motivated team members who crave a challenge and feel energized to roll up their sleeves and help realize Confluent’s enormous potential. Chart your own path and take healthy risks as we solve big problems together. We value having diverse teams and want you to grow as we grow—whether you’re just starting out in your career or managing a large team, you’ll be amazed at the magnitude of your impact.
About the role:
As the Governance, Risk and Compliance Specialist in the Trust & Security organization you will play a critical role in fulfilling the vision to secure Confluent’s platform and cloud offerings through a combination of technical expertise, security risk management, customer assurance, third party risk management, and excellent program management skills. You should be experienced in creating and maintaining risk registers, facilitating security control discussions with internal and external stakeholders, customers, and developing metrics programs to report.
Who you are:
- Smart, humble, and empathetic
- Have a strong sense of teamwork and put team’s and company’s interests first
- Driven and excited about challenges of a fast-paced, innovative software startup environment
Primary Responsibilities:
- Help support various parts of the company to adopt a common risk and control framework
- Help with maintenance of risk register and issue management programs to ensure security risks are centrally and consistently cataloged, appropriately monitored, reported and risk treatment decisions are clearly documented
- Assist in periodic re-validation of our Top Risks and drive improvements for risk reduction
- Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our GRC processes
- Assist with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)
- Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management
- Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure adequate security controls are in place to manage risk and are aligned with leading best practices
- Perform third party risk assessments to maintain oversight of third party vendors
- Manage and coordinate customer assurance questionnaires, audits and assessments, and calls
- Monitor and track Sales Field Feedback requests which may drive the development of security product or program enhancements
In collaboration with Confluent Legal, review customer contracts regarding security related clauses and facilitate discussions with customers and stakeholders.
Required Skills and Experience:
- Experience working with Agile methodology, JIRA and GRC tools
- We are looking for people with 2-4 years of relevant industry experience
- Strong knowledge of and experience in security risk management and with frameworks including related regulatory compliance requirements (e.g., SOC 1/2, HITRUST, FedRAMP, PCI, ISO2700X) required
- Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management
- Experience working with, Cloud technologies/environments, AWS or other related cloud experience is required
- Strong communication, interpersonal and leadership skills to work with both engineering and other non-technical stakeholders
- Strong technical skills.
- Bachelor's degree in Computer Science, a related field or equivalent practical experience.
At Confluent, we are committed to providing competitive pay and benefits that are in line with industry standards. We analyze and carefully consider several factors when determining compensation, including work history, education, professional experience and location. This position has an annual estimated salary of $124,300 - $143,000 USD, an annual bonus, and a competitive equity package. The actual pay may vary depending on your skills, qualifications, experience and work location. In addition, Confluent offers a wide range of employee benefits. To learn more about our benefits click HERE.
Come As You Are
At Confluent, equality is a core tenet of our culture. We are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. The more diverse we are, the richer our community and the broader our impact. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law.
Confluent requires all employees (in office and remote) in the U.S. to be vaccinated for COVID-19. Consistent with federal, state, and local requirements, Confluent will consider requests for reasonable accommodation based on medical conditions/contraindications or sincerely-held religious beliefs where it is able to do so without undue hardship to the company.
Click here to review our Candidate Privacy Notice, which describes how and when Confluent, Inc., and its group companies, collects, uses, and shares certain personal information of job applicants and prospective employees.
#LI-Remote
