• Security GRC Specialist

    Confluent Washington, DC 20080

    Job #2306892470

  • Confluent is pioneering a fundamentally new category of data infrastructure focused on data in motion. Have you ever found a new favorite series on Netflix, picked up groceries curbside at Walmart, or paid for something using Square? That's the power of data in motion in action, giving organizations instant access to the massive amounts of data that are constantly flowing throughout their business. At Confluent, we're building the foundational platform for this new paradigm of data infrastructure. Our cloud-native offering is designed to be the intelligent connective tissue enabling real-time data, from multiple sources, to constantly stream across the organization. With Confluent, organizations can create a central nervous system to innovate and win in a digital-first world.

    We're looking for self-motivated team members who crave a challenge and feel energized to roll up their sleeves and help realize Confluent's enormous potential. Chart your own path and take healthy risks as we solve big problems together. We value having diverse teams and want you to grow as we grow. Whether you're just starting out in your career or managing a large team, you'll be amazed at the magnitude of your impact.

    About the role:

    As the Governance, Risk and Compliance Specialist in the Trust & Security organization, you will play a critical role in fulfilling the vision to secure Confluent's platform and cloud offerings through a combination of technical expertise, security risk management experience, and excellent program management skills. You should be experienced in creating and maintaining risk registers, facilitating risk and issue discussions, actively providing insight and guidance on emerging risk trends, and developing metrics programs to report and monitor risks with minimal supervision.

    Who you are:

    • Smart, humble, and empathetic

    • Have a strong sense of teamwork and put the team's and company's interests first

    • Driven and excited about challenges of a fast-paced, innovative software startup environment

    Primary Responsibilities:

    • Help support various parts of the company to adopt a common risk and control framework

    • Lead efforts to improve and operate our risk register and issue management programs, such as:

    • Managing risk registration activities to ensure security risks are centrally and consistently cataloged

    • Facilitating risk treatment decisions to drive clear actions for either risk mitigation or formal risk acceptance

    • Issue and action management to ensure steady progress is made towards resolutions that address the root cause(s) and prevent issue recurrence

    • Lead risk mitigation or risk acceptance conversations and help stakeholders reach a common understanding of the risks and tradeoffs, and a defined plan to either mitigate or accept the risk(s).

    Required Skills and Experience:

    • Proficient at designing and delivering key risk metrics and reports to varying audiences across the management chain

    • Periodically re-validating the accuracy of our Top Risks and driving improvements for risk reduction

    • Producing insights from our aggregated risks to highlight relevant risk trends or behaviors, and delivering periodic reporting to measure our risk posture and enable escalations where necessary

    • Keep up with relevant regulation, emerging threats, forecasts, policies and best practices, and maintain a mindset of constant innovation to consider possibilities in advancing our risk management framework

    • Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure adequate security controls are in place to manage risk and are aligned with leading best practices

    • Assist with the implementation and operation of Governance, Risk and Compliance (GRC) tooling to further improve and automate our risk management processes

    • Experience working with Agile methodology, JIRA and GRC tools

    • Strong knowledge of and experience in security risk management and with frameworks including related regulatory compliance requirements (e.g., SOC 1/2, HITRUST, FedRAMP, PCI, ISO2700X) required

    • Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management

    • Experience working with cloud technologies/environments; AWS or other related cloud experience is required

    • Strong communication, interpersonal and leadership skills to work with both engineering and other non-technical stakeholders

    • Strong technical skills.

    • Bachelor's degree in Computer Science, a related field or equivalent practical experience.

    Come As You Are

    At Confluent, equality is a core tenet of our culture. We are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. The more diverse we are, the richer our community and the broader our impact. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law.

    Confluent requires all employees (in office and remote) in the U.S. to be vaccinated for COVID-19. Consistent with federal, state, and local requirements, Confluent will consider requests for reasonable accommodation based on medical conditions/contraindications or sincerely-held religious beliefs where it is able to do so without undue hardship to the company.

    Click here to review our Candidate Privacy Notice, which describes how and when Confluent, Inc., and its group companies collect, use, and share certain personal information of job applicants and prospective employees.