Manager, Cloud Information Security, Risk Management and Compliance

NVIDIA

Santa Clara, CA

5 - 7 years

Posted 187 days ago

JR1912644

NVIDIA is seeking a Manager to help build and lead NVIDIA's Cloud Services risk management, controls and compliance program for our emerging hosted services.

Are you a current or former Big 4 auditor or risk manager? Maybe a private industry auditor, security leader or compliance manager who is deeply interested in technology? Are you ready for a career change? If you are a highly motivated and engaged risk manager in the cloud services or cloud platform industry, we are looking for you to join our team! Join us for an exciting journey to help NVIDIA build a groundbreaking GPU cloud to be used by major companies and organizations around the world.

What you'll be doing:

The Manager will play a key role as NVIDIA takes our GPUs to the cloud to democratize high-performance computing and deep learning. You will be responsible for organizing and leading initiatives requiring multiple projects to be driven and tracked to completion. Responsibilities may include the following:

  • Design and conduct security risk assessments and develop a reporting framework to measure continuous improvement
  • Coordinate and conduct external and internal assessments and interpret the results of penetration testing exercises
  • Assist management in developing processes and controls to manage risk and issues
  • Collaborate with the engineering, operations and security teams to implement risk-mitigating controls supporting service confidentiality, integrity and availability
  • Support internal and customer-facing risk assessments
  • Understand the impact of vendor assessments; consult with vendors to define remediation requirements arising from assessments
  • Validate that vulnerabilities have been correctly mitigated or remediated
  • Track, monitor, audit and report on anomalies and/or breaches of security and report to management on potential impact
  • Communicate to management, through reports, presentations, metrics and other documentation, the cyber-security risks identified

What we need to see:

  • BS degree in a related field
  • 5+ years of experience in compliance, privacy or security risk management
  • Experience managing towards a security compliance framework and privacy regulations, such as SOC 2, NIST, COBIT, GDPR and ISO 27001
  • Ability to quickly earn the trust of sponsors and key members of the Cloud Services management team; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity
  • Ability to communicate at all levels with clarity and precision, both in writing and verbally
  • Strong presentation skills
  • Excellent problem-solving and critical-thinking skills
  • Able to lead multiple projects with competing priorities and deadlines
  • Self-starter with strong interpersonal and communication skills
  • Ability to work in a collaborative, team environment

Ways to stand out from the crowd:

  • Big 4, or management/IT consulting experience
  • Experience with vendor risk management
  • CISSP, CRISC, CISM, CISA, CIPP or similar certifications
  • CRISC or CISA highly desired
  • Understanding of GDPR and EU data privacy regulations