Own the Framework: Design, implement, and maintain a common control framework (CCF) that maps to multiple standards (SOC 2, ISO 27001, FedRAMP, NIST CSF, PCI-DSS) to ensure "test once, comply many" efficiency.
Risk Quantification: Evolve our risk management program toward quantitative risk analysis (e.g., leveraging FAIR or OCTAVE methodologies), utilizing AI to continuously process and analyze complex data sets, and providing executive leadership with data-driven insights on security posture and residual risk, along with an updated view of the Top Risks impacting Confluent.
Program Modernization: Develop and maintain security policies that are agile, easily discoverable, and practical for an AI-native engineering culture, enforceable through automation.
Remediation Strategy & Engineering Partnership: Interface directly with Information Security Engineering (InfoSec Eng) to co-develop technical remediation strategies that are secure by design and operationally feasible.
Risk Reporting: Develop and maintain a visual presentation layer (e.g., dynamic dashboards, executive scorecards, and trend analysis) that simplifies complex risk data.
Risk Treatment: Evolve current risk management programs to ensure risks are properly tracked, treated, and communicated.
Program Execution: Apply technical program management best practices to complex security initiatives.
Communication & Accountability: Report regularly to Trust and Security staff and eStaff, and prepare occasional Board-level content, through weekly, monthly and quarterly execution reviews.
OCISO Partnership: Collaborate closely with the Office of the CISO (OCISO) to proactively forecast and prioritize security certifications and product features.
Sales Acceleration: Act as a subject matter expert during high-stakes customer engagements, partnering with Sales and OCISO to build confidence with Fortune 500 CISOs and external auditors.
Continuous Compliance and Scale: Partner with Engineering to drive the automation of evidence collection and control monitoring.
Audit Management: Orchestrate all external audits and certifications, serving as the primary liaison with external auditors and regulators.
TPRM: Oversee the Third-Party Risk Management program, ensuring that vendors, partners, and AI sub-processors meet Confluent’s security standards throughout the vendor lifecycle.
Requirements
10+ years of progressive experience in Information Security, Risk Management, or IT Audit.
5+ years of leadership experience building and managing high-performing GRC teams in a high-growth SaaS or cloud-native environment.
Cloud Native Fluency: Deep understanding of modern cloud infrastructure (AWS, GCP, Azure, Kubernetes) and how traditional controls apply to ephemeral, containerized environments.
AI Fluency: Hands-on experience or a strong vision for leveraging AI tools to scale internal GRC programs and operations.
Mastery of Standards: Expert-level knowledge of SOC 2 Type II, ISO 27001/27701, NIST 800-53, and PCI-DSS.
FedRAMP Expertise: Strong familiarity with FedRAMP High/Moderate authorization processes and continuous monitoring requirements is highly preferred.
Privacy Intersection: Working knowledge of global privacy laws (GDPR, CPRA) and how they intersect with security controls.
Technical Program Management: Proven ability to manage complex cross-functional programs using tools such as Jira and Confluence, as well as dedicated risk management tooling.
Business Acumen: The ability to translate complex technical risks into business terms (ROI, Brand Risk, Velocity) for the C-Suite and Board of Directors.
Diplomacy & Empathy: A track record of building consensus with Engineering and Product teams.