Sr. Manager, Information Security

About Netskope Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security. Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, St. Louis, Bangalore, London, Paris, Melbourne, Taipei, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers. Please follow us on LinkedIn and Twitter@Netskope. About the position: Based in St. Louis, this role is a member of the Global Information Security (GIS) team which has oversight and operational responsibilities for the Information security of Netskope. The Information Security Manager, Governance Risk and Compliance (GRC) will be a key member and manager of the GRC team responsible for collaborating with the business on GRC activities, administering GRC solutions, managing external and internal auditing activities, managing the Cyber Risk Management Program including third party vendor risk management and ensuring compliance objectives are being achieved across the organization. Responsibilities: • Responsible for managerial responsibilities such as staffing, performance assessment, career path planning, training, and coaching/mentoring for all GRC team members • Evaluating design and operating effectiveness of controls • Ability to monitor, measure and test core business processes against internal policies and procedures • Validating test procedures against controls, issue identification, root cause analysis and impact assessment • Documenting results following compliance framework to arrive to conclusions • Deliver value and insights by providing recommendations/improvements around processes and/or controls to business partners • Effectively communicate and report out on plans, status, issues, risks, and requirements to all levels of stakeholders • Develop and manage Metrics and Measures Programs • Provides training, and coaching for Analysts, Engineers, and business partners • Keep up-to-date on industry and regulatory changes • Assist in conducting enterprise-wide, ongoing risk analysis in tandem with compliance and internal audit. • Assist in the development and management of the Cyber Risk Management Program and performing supporting tasks • Support Customer risk assessments, audits, and evidence collection. • Contributes to security procedures and requirements documentation • Assists in development and maintenance of Information Security control mappings to defined frameworks Requirements: • 7+ years in an information security GRC role testing, monitoring, assurance within compliance, audit and operations with at least • 3+ years in a management or team lead role • Strong people skills, including the ability to partner effectively and influence change with stakeholders across the organization • Strong knowledge of information security governance, risk, and IT Controls compliance program • Strong understanding of cybersecurity, networking, system and cloud technologies • Strong experience with testing and monitoring manual and automated controls • Experience with conducting risk assessment and knowledge of current industry good practice for risk assessment methodologies and tools,( e.g., FEDRAMP, NIST, ISO) • Should possess relevant technical/professional qualifications/certification such as CISSP, CISM, CISA or ISO 27001 Lead Auditor/Implementer equivalent. • US Citizen Desired Skills: • Experience in performing risk assessments. • Experience in third party (vendor) risk management • Knowledge and experience in managing GRC tools. • Highly analytical with the ability to present your analysis • Strong written and verbal communication • Experience in maintaining metrics and measures. • Experience in supporting customer audits • Experience working with software engineering teams in an agile/dynamic environment • General understanding of meeting multiple/global compliance frameworks such as ISO 27001, FedRAMP, SSAE-18 SOC2, CSA STAR, Security Control Framework, HIPAA, PCI-DSS, etc. Education: Bachelor degree preferred. Compensation: At Netskope, salary is one component of our competitive total rewards package. The salary range for this position is as listed below. This is a national range. For purposes of complying with applicable laws, the range applies to candidates in California, Colorado, Illinois, Marylan