Manager, Security Risk & Compliance
Apptio - United States
Employment Type : Full-Time
Overview:
You: You are a Risk & Compliance expert with extensive experience providing Cloud SaaS services to a demanding set of Fortune 100, Fortune 500, Enterprise, and emerging customers across a diverse range of private sector industries and government entities. The Manager, Risk & Compliance position is responsible for achieving, maintaining, and expanding the certifications necessary to meet the ever-increasing regulatory and corporate requirements of Apptio customers in support of aggressive growth and market expansion goals. This is an opportunity to leverage your technical and business skills to have a global impact in the dynamic and competitive Technology Business Management market, which Apptio established and of which it is the undisputed leader. This position reports to the Director of Information Security. You will work closely with IT teams, data center operations personnel, external business partners and, most importantly, prospective and existing customers in defining the appropriate policies, architectures, technologies, and practices to protect our clients’ information assets. This role provides a unique opportunity to interact directly with customers to support business-critical sales initiatives and to ensure ongoing customer satisfaction.
Us: Our team has broad responsibility for security and compliance across Apptio services and business units worldwide. We are highly motivated and dynamic individuals woven into a collaborative team where teamwork and flexibility are critical to our success. As an organization, Apptio has a very strong culture; it is open, transparent, and very customer focused. Leaders in the organization consistently showcase the following key attributes and look to build teams that embrace these qualities every day:
- Growth mindset
- Dealing with ambiguity and change
- Takes ownership and has accountability
- Customer-focused
- Foster an inclusive environment
Responsibilities:
What we want you to do:
- Contribute to the design, implementation, and operation of procedural and technical security controls
- Perform technical audits of IT General Controls, Information Security, SDLC, Application Security and Operations.
- Determine audit scope, design testing strategies, test, evaluate, and document controls, identify control gaps and report audit issues based on significance, risk, and impact.
- Collect, review, analyze and verify the performance of internal controls, adherence to internal policy & procedures and client security expectations.
- Conduct staff interviews and walkthroughs; perform analysis to identify key business risks and controls.
- Collaborate with the Security Analyst team to engage with prospective and existing customers to understand their security expectations, communicate written and verbal technical, policy, and procedural security information, and participate in customer calls in support of sales initiatives.
- Manage follow-up on open audit issues and facilitate agreement with business process owners to ensure timely closure of action plans.
- Research, standardize, compose, edit, and approve documented policies and procedures/process for compliance and in accordance with accepted industry standards.
- Keep abreast of current and emerging technologies and recommend changes to audit programs, as necessary.
- Maintain and grow an established team of risk & compliance specialists, provide guidance and coaching to ensure the highest standards continue to be met
- Provide guidance to senior leadership on compliance and certification investments needed to maintain Apptio’s competitive edge and meet customers’ ever-increasing needs
Qualifications:
Basic Qualifications:
- Minimum 5 years’ experience achieving, maintaining, and expanding a comprehensive portfolio of certifications to demonstrate the appropriate Cloud SaaS security posture to customers and prospects
- Expertise with the following Information Security frameworks and standards: SOC1/2/3, ISO/IEC 27001, US FedRAMP/Australian IRAP government certification, Cloud Security Alliance Cloud Controls Matrix (CCM)
- Experience interpreting and complying with rules/regulations related to privacy and data confidentiality (e.g., GDPR, CCPA).
- Proficiency with risk assessment programs and methodologies
- Strong organizational skills ranging from effectively engaging with individual contributors as well as executive leadership across all organizations in the enterprise
- A proven track record of building and leading high capability teams
- CISA, CISM, CISSP, or equivalent certification required
Desired Qualifications:
- Excellent interpersonal skills for building and establishing strong relationships with customers and key stakeholders, including senior staff, the security team, and the wider organization.
- The ability to audit, assess and identify compliance gaps in information security controls.
- Collaborative work style; effective communication; cross-functional teamwork.
- Ability to independently plan, organize and prioritize tasks.
- Strong general business skills and an aptitude for critical thinking and intellectual curiosity.
- Great attitude, self-motivating and independent, takes ownership of tasks from start to end.
- Highly organized and comfortable working in a rapidly changing and ambitious environment.
- Strong knowledge of desktop, server, application, and network security principles for conducting comprehensive business impact analysis and risk identification.
- Experience and/or knowledge of information security tools/systems: SIEM, DLP, IDS/IPS, etc.
Apptio’s products empower business leaders to drive optimal financial performance across their organizations. More than 60 percent of Fortune 100 enterprises trust Apptio to manage spend across the entire IT portfolio and beyond, so that they can focus on delivering innovation. Apptio automatically ingests and intelligently structures vast amounts of enterprise and technology-specific spend and operational data and enables users across disciplines to report, analyze, plan, and govern their investments collaboratively, efficiently, and with confidence. Apptio Inc. is not open to 3rd party solicitation or resumes for our posted FTE positions. Resumes received from 3rd party agencies that are unsolicited will be considered complimentary. Apptio, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Apptio, Inc. complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.