The Team

We are looking to hire an experienced Security Risk Management Specialist on our Governance, Risk, and Compliance team. This role will be responsible for identifying and managing security risk across Cloudflare’s production environment and critical business functions.

At Cloudflare, risk management lays the foundation for protecting Cloudflare and our customers. The Risk team identifies risk throughout the company and prioritizes mitigation efforts to drive Security team priorities. We do not believe in tick-box security, so for us risk management is a pathway to doing things right. 

This is an opportunity to join a rapidly scaling and world class security organization within a billion dollar business. We guarantee that you won’t get bored. 

What you’ll do

• Implement Cloudflare’s risk management methodology 
• Lead enterprise and targeted risk assessments across the organization 
• Identify risk findings through vulnerabilities, security incidents, audits, and other security programs and determine how to integrate these into Cloudflare’s risk register 
• Implement Cloudflare’s new risk calculation formula across the risk register and enterprise risks 
• Drive risk treatment by determining risk ownership, recommending mitigation plans, and ensuring risks are included in technical organizations’ roadmaps 
• Partner with security managers and technical program managers to develop risk-based roadmaps and support Security Team planning discussions
• Implement and manage new Risk Governance processes with Security and technical organization leadership
• Support risk updates to Executive leadership and Cloudflare’s Risk and Compliance Committee
• Ensure alignment between security risk and the internal audit and privacy teams
• Maintain our Security Risk Management Policy, supporting process documentation, and Cloudflare’s risk register
• Support internal and external audits related to Cloudflare’s risk management processes
• Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, or other global Cloudflare locations.  

Examples of desirable skills, knowledge and experience

• Senior level Security Risk Management experience typically gained in 8+ years experience working in GRC 
• Experience communicating, conducting, and managing security risk assessments; recommending mitigating controls; and reporting findings to leadership
• Experience driving risk remediation and partnering with cross functional teams 
• Experience implementing a security risk methodology including processes for risk identification, prioritization, mitigation, reporting, and monitoring
• Experience reporting on risks and program operations to management
• Solid understanding of security risk and control frameworks such as ISO 27001, NIST SP 800-37, NIST SP 800-30, and NIST SP 800-53
• Familiarity with Common Vulnerability Scoring System (CVSS), OWASP Risk Rating Methodology, and the MITRE ATT&CK Matrix 
• Solid understanding cloud security architectures, technologies, and security controls 
• Strong analytical and interpersonal skills
• Self-starter with the ability to work independently with a sense of curiosity