6 days ago
Senior Manager, Security Assurance
Santa Clara, CA
$187,000-$262,333 / year
full-time, senior, Data Security
Description
You will lead initiatives to build trust in Druva's security, privacy, and compliance posture, manage third-party risk, and drive security culture improvements. You'll own processes for security due diligence requests and coordinate with internal teams to provide high-quality responses to customer security queries. This role involves developing customer-facing security documentation and staying informed about current vulnerabilities to reduce risk.
Requirements
- At least 12 years of experience in a technology discipline, preferably 8+ years in the cyber security domain
- Background in or strong understanding of security compliance and privacy frameworks (SOC 2, ISO27001, HIPAA, CSA STAR, NIST)
- Demonstrable knowledge of OWASP Top-10 Web Application Vulnerabilities and related risks and countermeasures
- Working protocol-level understanding of at-rest and in-motion encryption fundamentals (TLS/SSL, BCrypt, PKI, SHA1, AES, etc.)
- Knowledge of AWS and security controls native to AWS
- Technical understanding of SaaS multi-tenant architectures
- Ability to threat model and assess security risk of interconnected systems and data flows
- Proven experience collaborating with sales and engineering teams
- Demonstrable customer communication experience around security matters
- Experience implementing or using any TPRM tools or platforms (e.g. KY3P, ProcessUnity, ServiceNow, CyberGRX, etc.)
- Knowledge of technical domains such as network security, cloud security, and application security
- Exceptional communication skills, critical thinking ability and strong bias for ownership and learning
- Experience leading teams, building and monitoring cross-functional scaled-up processes to achieve business objectives
Responsibilities
- Own and drive the processes to provide expert internal support for security and compliance due diligence requests
- Work and co-ordinate with internal security teams, Engineering functions and customer account teams to provide timely and high-quality responses to security queries from prospects and customers
- Manage incoming security support requests including security-focused questionnaires, customer audits, and client-driven penetration tests as needed
- Develop and maintain customer-facing security policies and documentation and manage Druva's online trust portal
- Ensure customer security documentation and external artifacts are up to date and accurate as per current-state security policies
- Evaluate and set the strategy for Druva’s third-party risk management program
- Conduct holistic security assessments of Druva’s existing and new vendors to identify and mitigate potential risks
- Stay informed about current security vulnerabilities and incidents, and assess exposure through Druva’s vendor landscape
- Own and drive risk reduction in Druva’s external attack surface
- Develop and execute an improvement strategy for phishing simulations and security training of our employees