Cybersecurity Risk Manager @ Block | Jobright.ai
132 applicants

Block · 2 days ago

Cybersecurity Risk Manager

Bitcoin, Business Development

Responsibilities

Lead ongoing and periodic risk assessment exercises, including deep-dive risk assessments into engineering design, implementation, and operation of complex products, services, infrastructure, and architectures
Develop an approach to automate risk data and signal collection, enrichment, and translation from multiple disparate sources across Block
Collaborate with cross-functional 1st-line teams (engineering, product, others) to provide security risk analysis and consultation to integrate risk scenarios and treatment into product lifecycle
Develop periodic risk highlight reports for senior executives to aid awareness and risk-informed decision making
Work with stakeholders to manage the prioritization and execution of risk-reduction activities across BUs
Provide domain and subject matter expertise in partnership with engineering teams towards the creation of effective risk-related governance documentation
Influence and contribute to the evolution of the current risk management program
Improve and optimize existing risk assessment practices that monitor cybersecurity risks across all Business Units, using both quantitative and qualitative methodologies
Develop and prepare risk and control metrics, reports & executive dashboards
Proactively work to balance the needs of the 1st-line business teams and the need for regulatory compliance
Drive risk mitigation and control improvement actions identified from various security and risk management initiatives
Support the maturation of various 2nd line of defense security functions
Work with stakeholders to conduct in-depth research on in-house systems, services, and infrastructure in order to provide accurate and objective risk management advisory
Support the creation of governance documentation and technical specification based on internal policies, procedures, best practices, standards, and frameworks to support risk management, compliance, and audit efforts
Partner with stakeholders in the development of relevant security governance processes based on sound risk assessment exercises
Support the adoption, evolution, and continuous improvement of a GRC program

Qualification

Cybersecurity Risk Programs, Enterprise Infrastructure, Systems Engineering, Security Infrastructure, Controls, Information Systems Governance, Automating GRC Processes, Cybersecurity Risk Management, Control Frameworks, GRC Solutions, Data Visualization Tools, Control Charts, Dashboards, Industry Security Standards, Audit Standards, Privacy Standards, NIST RMF, ISO27001, PCI DSS, GDPR, COBIT, AICPA Trust Principles, SOC 2/3, NIST CSF, CCPA, SCF, MoR Certification, CISSP Certification, CRISC Certification, CISA Certification

Required

8+ years of experience in developing, managing & supporting Cybersecurity Risk programs for technology-focused companies
Strong technical background with deep knowledge of enterprise infrastructure, systems engineering, security infrastructure and controls
Experience in setting up and leading the implementation of information systems governance standards and frameworks, including automating GRC processes
Experience in integrating cybersecurity risk management and control frameworks
Experience working extensively with GRC solutions, tools, platforms and ERM processes
Familiarity with using data visualization tools with the ability to develop risk and control charts, dashboards, and reports
Experience with leading the implementation/adoption of industry security, audit, and privacy standards, frameworks, and regulations (e.g., NIST RMF, ISO27001, PCI DSS, GDPR, COBIT, AICPA Trust Principles (SOC 2/3), NIST CSF, CCPA, SCF)
Relevant Industry certifications (e.g., MoR, CISSP, CRISC, CISA, CISM)

Benefits

Healthcare coverage (Medical, Vision and Dental insurance)
Health Savings Account and Flexible Spending Account
Retirement Plans including company match
Employee Stock Purchase Program
Wellness programs, including access to mental health, 1:1 financial planners, and a monthly wellness allowance
Paid parental and caregiving leave
Paid time off (including 12 paid holidays)
Paid sick leave (1 hour per 26 hours worked (max 80 hours per calendar year to the extent legally permissible) for non-exempt employees and covered by our Flexible Time Off policy for exempt employees)
Learning and Development resources
Paid Life insurance, AD&D, and disability benefits

Company

Block, Inc. (NYSE: SQ) (formerly Square, Inc.) is a technology company with a focus on financial services.

H1B Sponsorship

Block has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2023 (172)
2022 (350)
2021 (22)

Funding

Current Stage
Late Stage

Leadership Team

Taylor Cascino
Head of Talent
Company data provided by crunchbase