Senior Manager @ Grafana Labs

Senior Manager

Security GRC, Remote, USA

Posted on 3/21/2023

INACTIVE

Locations

Remote • United States

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Agile

Communications

Requirements

A successful candidate in this role would be able to:
Develop, build, and roll out information, cyber, open source and cloud security governance frameworks
Lead a security governance structure that drives effective decision-making across the Grafana leadership team
Establish a cadence for security program reviews, support existing accreditations and identify strategic maturity opportunities for compliance
Implement a mechanism for quantifiable risk-based security evaluation, prioritization and ownership
Build partnerships with cross-functional stakeholders who are decision-makers for security initiatives
Socialize and provide awareness of policies, standards, processes, and controls with relevant stakeholders
Design a comprehensive Security Risk Management framework aligned with the business and security strategies
Develop and manage Security GRC reporting metrics and dashboards
Partner with engineering and operations teams on the business continuity and digital resilience program
Identify, design, and implement process improvement initiatives to ensure scalability, allowing us to work smart and reduce repetitive tasks for customers and internal teams
Privacy regulations and frameworks (GDPR, CPRA/CCPA, CSA CoC for GDPR, Privacy Shield, SCCs, ISO 27701)
Corporate IT security operations, technology trends, and current cyber threat landscape
Working with Solutions Engineers and GTM teams to provide adequate artifacts for customer requirements
You should be able to demonstrate the following:
Passion for understanding our customers, open source community, products, culture, and business model
A strong desire to learn in a rapidly growing and dynamic startup environment
Ability to work closely with end users in a consulting or support capability
Excellent written and verbal communication skills
Good interpersonal skills and capabilities to build long-term business relationships
BS/MS degree in engineering, computer science, or information security, or equivalent experience
CISSP, CISA, CISM and/or other cloud security solutions certifications are a plus

Responsibilities

Our Security Assurance department is in the business of trust, transparency, and advisory. We aim to prove to others and ourselves that we are trustworthy and do what we say. We deliver on this by aligning missions across four core programs: Supply Chain Risk Management, Privacy Operations, Security GRC, and Customer Trust & Security. In addition, we have a team of intelligent, dedicated, and highly collaborative SMEs responsible for building and maintaining well-defined solutions that help grow our business
To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company
The Senior Security GRC Manager will collaborate with teams across the company to understand, contextualize, design, implement, and report on our global security, risk, compliance, and technology requirements for security. Ideally, you would be familiar with operating in a cloud-native, remote product organization
This is a people manager role reporting to the Director of Security Assurance

Desired Qualifications

In the United States, the Base (OTE for commission positions) compensation range for this role is $168,000- $ 201,000. Actual compensation may vary based on level, experience, and skillset as assessed in the interview. Benefits include equity, (if applicable) and other benefits listed here

Team

Our Security Assurance department is in the business of trust, transparency, and advisory. We aim to prove to others and ourselves that we are trustworthy and do what we say. We deliver on this by aligning missions across four core programs: Supply Chain Risk Management, Privacy Operations, Security GRC, and Customer Trust & Security. In addition, we have a team of intelligent, dedicated, and highly collaborative SMEs responsible for building and maintaining well-defined solutions that help grow our business.

To support our growth and ambitious vision, we embrace agile principles and values, share openly, apply context-driven security mechanisms, default to action, and have an OSS-first mindset. We are a 100% remote company.

Role

The Senior Security GRC Manager will collaborate with teams across the company to understand, contextualize, design, implement, and report on our global security, risk, compliance, and technology requirements for security. Ideally, you would be familiar with operating in a cloud-native, remote product organization.

This is a people manager role reporting to the Director of Security Assurance.

Skills

A successful candidate in this role would be able to:

Develop, build, and roll out information, cyber, open source and cloud security governance frameworks.

Lead a security governance structure that drives effective decision-making across the Grafana leadership team.

Establish a cadence for security program reviews, support existing accreditations and identify strategic maturity opportunities for compliance.

Implement a mechanism for quantifiable risk-based security evaluation, prioritization and ownership.

Build partnerships with cross-functional stakeholders who are decision-makers for security initiatives.

Socialize and provide awareness of policies, standards, processes, and controls with relevant stakeholders.

Design a comprehensive Security Risk Management framework aligned with the business and security strategies.

Develop and manage Security GRC reporting metrics and dashboards.

Partner with engineering and operations teams on the business continuity and digital resilience program.

Identify, design, and implement process improvement initiatives to ensure scalability, allowing us to work smart and reduce repetitive tasks for customers and internal teams.

Knowledge

You should know a lot about:

Security governance, risk management and compliance engineering in cloud-native environments (GCP, AWS, Azure, Kubernetes, LogicGate, Secureframe, Jira, ServiceNow GRC).

Information security frameworks and standards (SOC 2, ISO 27001, ISO 27018, ISO 27017, ISO 22301, CISv8, CSA STAR and TISAX).

Securing the workforce of a remote-first organization.

Operationalizing Business Impact Assessments (BIAs) and Business Continuity Management Systems (BCMS).

Translating minimum viable policies into realistic and measurable controls. Read more here: https://grafana.com/blog/2021/12/20/the-values-behind-scaling-cloud-native-security-at-grafana-labs/

You should have some knowledge of the following:

Privacy regulations and frameworks (GDPR, CPRA/CCPA, CSA CoC for GDPR, Privacy Shield, SCCs, ISO 27701).

Corporate IT security operations, technology trends, and current cyber threat landscape.

Working with Solutions Engineers and GTM teams to provide adequate artifacts for customer requirements.

Aptitude

You should be able to demonstrate the following:

Passion for understanding our customers, open source community, products, culture, and business model.

A strong desire to learn in a rapidly growing and dynamic startup environment.

Ability to work closely with end users in a consulting or support capability.

Excellent written and verbal communication skills.

Good interpersonal skills and capabilities to build long-term business relationships.

Education

BS/MS degree in engineering, computer science, or information security, or equivalent experience.

CISSP, CISA, CISM and/or other cloud security solutions certifications are a plus

In the United States, the Base (OTE for commission positions) compensation range for this role is $168,000- $ 201,000. Actual compensation may vary based on level, experience, and skillset as assessed in the interview. Benefits include equity, bonus (if applicable) and other benefits listed here.

About Grafana Labs: There are more than 950,000 active installations of Grafana around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a NASA launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps companies including Bloomberg, JPMorgan Chase, and eBay manage their observability strategies with full-stack offerings that can be run fully managed with Grafana Cloud, or self-managed with Grafana Enterprise Stack. The Grafana stack has grown to include four other open source projects, Grafana Loki (for logs), Grafana Tempo (for traces), Grafana Mimir (for metrics), and Grafana OnCall (for on-call management).

Benefits: For more information about the perks and benefits of working at Grafana, please check out our careers page.

A note about covid-19: All Grafanistas who wish to attend in-person events or travel for Grafana Labs must be fully-vaccinated.

Equal Opportunity Employer: At Grafana Labs we’re building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees. If you’re excited about this role but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways.

We will recruit, train, compensate and promote regardless of race, religion, colour, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity builds a strong organisation and we’re working hard to make sure that’s the foundation of our organisation as we grow.

For information about how your personal data is used once you’ve applied to a job, check out our privacy policy.

501-1,000 employees

Website

Open source analytics & monitoring solutions

Company Overview

Grafana Labs’ mission is to democratize metrics so users can create a dashboard that helps them get insights into how their applications behave, enabling them to iterate, take action and improve faster.

Benefits

30 days of paid vacation each year on top of national holidays, parental leave, & sick leave
Health coverage
4% contribution match on our 401(k)
$1,500 learning and development stipend
Udemy subscription
Complimentary subscription to Headspace
Discounts on a wide variety of services, including entertainment, food, and fitness.
Remote Work Option
Global Employee Assistance Program

Company Core Values

Share openly and default to transparency
Respectfully empowered
OSS is in our DNA
We keep our commitments
Seek diverse perspectives
Don’t let perfect get in the way of great
Help each other thrive