- Full Time
Build the future of data. Join the Snowflake team.
Snowflake is looking for a Product Security Risk Analyst to join our Global Security Compliance & Risk team and help manage and improve on the existing program for assessing the risk of third party tools and services in use by Snowflake. You will be responsible for managing the intake process, working with constituents to collect the required information, collecting all necessary details to understand the use case for each tool or service, and reviewing the required documentation and evidence to meet the security controls required based on the use case. You will help identify and manage Third Party security risk to protect Snowflake assets.
AS THE SECURITY RISK ANALYST, YOU WILL:
- Perform ongoing third party security risk assessments to help Snowflake identify and evaluate security risks
- Support and monitor remediation efforts of identified gaps, perform remediation audit to validate the closure.
- Review and process incoming requests for security assessment of new products and services
- Review all evidence provided to compare vendor security controls to Snowflake data protection requirements
- Assess and manage security findings from various vendor security monitoring systems
- Develop and improve security documentation
OUR IDEAL SECURITY RISK ANALYST WILL HAVE:
- 3+ years of experience in security or audit role
- Previous experience assessing security of third party vendors, tools, and services
- Understanding of a broad set of security best practices (e.g., application security, secure software development lifecycles, risk management, data protection, encryption & key management, identity and access management, security operations, security governance, network security, etc.) and technologies
- Flexibility to work during different time zones
- Exceptional communication skills, including perfect written English
- Familiarity with PCI-DSS, HIPAA, SOC1, SOC2, FedRAMP, GDPR, and/or ISO standards and frameworks
- Good understanding of application and cloud security concepts and controls
- Ability to analyze, organize and prioritize multiple tasks and meet deadlines
- Attend to detail while maintaining a big picture orientation
- Work independently as well as collaboratively within a team environment.
- Extremely high ethical standards as proven by successful background checks and references
- Previous experience working with a variety of personalities from a variety of cultures
BONUS POINT FOR EXPERIENCE WITH THE FOLLOWING:
- Proficiency in use of JIRA, Confluence, and ServiceNow
- BI and database experience, including SQL knowledge and making dashboards
- Security certification, such as CISSP, CCSP, CISA, Security+
- AWS, Azure, Google Cloud, or other major Cloud Provider experience