Senior IRM Analyst

United States
full-time, senior, Remote, database technology

Description

You'll own the lifecycle of internal security risk assessments, applying risk methodology and producing risk memos for MongoDB's $100B+ database market. This role scales the risk function to meet rigorous regulatory demands like DORA and FedRAMP while empowering business growth.

Requirements

  • 10+ years in Information Security, Governance, Risk and Compliance (GRC)
  • Hands-on experience conducting enterprise-level security risk assessments end-to-end
  • Deep knowledge of NIST SP 800-30, NIST CSF, ISO 27001, SOC 2
  • Comprehensive knowledge of DORA, NIS2, FedRAMP, GDPR, PCI-DSS
  • Ability to write executive-level risk reports translating technical flaws into business risks

Responsibilities

  • Implement risk assessment methodology and integrate risk matrix into framework
  • Ensure regulatory compliance with DORA, FedRAMP Rev 5, and maintain SCRM plan
  • Conduct end-to-end technical security risk assessments with technical evidence
  • Produce high-quality risk memos telling a cohesive story from risk statement to rating
  • Manage risk acceptance process and maintain risk management dashboard