Remote, USA
18 days ago
Senior Information Security Governance, Risk and Compliance Analyst - USA

Build the future of data. Join the Snowflake team.

We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.

Snowflake's Global Security Compliance and Risk (GSCR) team is focused on ensuring that all Snowflake products and services and the Corporate IT environment are secured and compliant with regulatory requirements, and that cybersecurity and third-party risks are managed. Our team works cross-functionally with various key stakeholders (Product Security, Engineering, Corporate IT and Security, Legal, Enterprise Risk Management, and Internal Audit).

The Senior Cybersecurity Risk and Policy Lead will be a critical and high-impact individual contributor role. This role will be responsible for managing cybersecurity risks (identifying, assessing, managing, monitoring and communicating cybersecurity risks) and security policies (facilitating development, maintenance, and evolution of the security policy framework, and working with all security teams to implement, manage and track exceptions to policies, standards, and plans over time). Ideal candidates are highly motivated individuals who thrive in fast-paced environments, are comfortable with modern technology stacks that leverage the cloud, and see risk as something to manage pragmatically.

JOB RESPONSIBILITIES:

- Ensure relevant cybersecurity risks identified are captured in the risk register and keep it updated with the related information
- Facilitate risk decomposition (scenario generation) activities with the relevant key stakeholders and document the outcomes
- Develop a broader understanding of the motives, targets and activities of cyber threat actors and manage threat actor profile for Snowflake
- Perform cyber risk assessments on new and existing cyber security risks in partnership with risk owners and subject matter experts
- Analyze cybersecurity risks to determine likelihood and impact to Snowflake business and describe risks in quantitative and qualitative terms
- Implement a quantitative risk methodology based on FAIR approach and quantify cybersecurity risks in financial terms
- Develop risk mitigation plan by partnering with the risk and system owners
- Identify and develop appropriate metrics such as key performance indicators (KPIs) and key risk indicators (KRIs) to measure risks and highlight trends or themes
- Track and monitor risk mitigation plan activities with metrics and timeline
- Help make risk-based decisions and trade-offs impacting business strategies
- Help project prioritization for quarterly planning activities that could mitigate the risks
- Develop reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
- Maintain a strong understanding of risk management methodologies and frameworks
- Educate and build awareness of cybersecurity risk management across the organization
- Empower key stakeholders and risk owners to use the common risk taxonomy
- Influence behaviors to reduce cybersecurity risk and foster a strong risk-based culture throughout the organization
- Assess, evolve, and drive the policy management framework for all Security policies and standards in partnership with Security teams and Security Risk Management
- Review and make recommendations for streamlining existing and future security policies
- Appropriately assess control design and effectiveness in order to ensure policy and standard enforcement
- Create a process and collateral for rolling out new security policies to the whole company
- Establish, document, and broadly communicate security policy management norms to the Security organization, outlining how to create, maintain, enforce, and deprecate security policies in line with enterprise policy requirements
- Collaborate within Security Compliance, Product Security, Corporate Security, Legal and other partners to incorporate security and compliance requirements into the security policy framework and track policy implementation and issues
- Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
- Partner with Security Analytics team to develop key performance indicators and dashboards to monitor and report on the Security policies
- Utilize people, process and technology in order to build tightly integrated policy tooling into a broad set of security internal tooling

QUALIFICATIONS:

- Minimum of 10 years of tactical and operational experience in Governance, Risk and Compliance, or Information Security, with a focus on risk assessments/management
- Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity.
- Knowledge and practical experience with the following risk management frameworks: ISO, NIST, and FAIR.
- Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling.
- Technical certifications within the area of security and risk are a strong plus (CISSP, CRISC, CISM or equivalent).
- Knowledge and experience pertaining to:
  - AWS or Azure or GCP (or similar) cloud security and infrastructure
  - Software as a Service (SaaS) applications
  - CI/CD pipeline tools (such as GitHub, Jenkins, etc.)
  - Network infrastructure security
  - Encryption technology and implementation
  - Database security
  - Operating system security
  - Artificial intelligence and machine learning
- Expert communicator and writer; you can coach others on their writing skills, you can adapt your communication style for your audience, and you have experience drafting policies, reports, and other written materials for a variety of executive audiences
- Knowledge of global cybersecurity, technology and data privacy regulatory requirements
- Experience reporting policy and compliance posture to senior stakeholders
- Ability to direct cross functional work and hold others accountable to committed deadlines

Every Snowflake employee is expected to follow the company’s confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company’s data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.

The following represents the expected range of compensation for this role: The estimated base salary range for this role is $165,000 - $231,000. Additionally, this role is eligible to participate in Snowflake’s bonus and equity plan.

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location. This role is also eligible for a competitive benefits package that includes: medical, dental, vision, life, and disability insurance; 401(k) retirement plan; flexible spending & health savings account; at least 12 paid holidays; paid time off; parental leave; employee assistance program; and other company benefits.

Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.

How do you want to make your impact?
