Cyber Risk Quantification Manager

작업 내용

Company Description

Dropbox is a leading global collaboration platform that’s transforming the way people work together, from the smallest business to the largest enterprise. With more than 500 million registered users across more than 180 countries, our mission is to design a more enlightened way of working. From our headquarters in San Francisco to eight dedicated Studios and a worldwide team of employees who choose where they work best, our Virtual First approach is leading the way into the future of work.

Team Description

Our Engineering team is working to simplify the way people work together. They’re building a family of products that handle over a billion files a day for people around the world. With our broad mission and massive scale, there are countless opportunities to make an impact.

Role Description


As a trusted member of the Security Organization, the Cyber Risk Quantification Manager will be instrumental in the design, implementation, and management of Dropbox’s Factor Analysis of Information Risk (FAIR) security program. Specifically, your role will be to build relationships, understand risk profiles, technology stacks and dependencies of business partners supported by the security organization. Additionally, the Cyber Risk Manager will review and optimize detailed and rapid risk assessments, support executive reporting, provide governance of and continuous optimization of processes that support the RiskLens & GRC platforms. If you thrive on being a radical change agent, have an analytical mindset, and are excited about changing the paradigm of communicating security risk, we want you on our team!NOTE: While FAIR & RiskLens experience is desired, it’s absence is not a deal breaker.
Responsibilities

• Develop security specific loss event scenarios across business domains
• Create a continuous improvement program to facilitate security teams ability to independently create & present Rapid Risk Assessments
• Develop FAIR based cost benefit analysis to assist security teams communicate and compare risk mitigation options and prioritize initiatives
• Partner with stakeholders and leadership to achieve successful risk reduction
• Monitor risk mitigation strategy plans to help bring open security risks to closure.
• Internal socialization of DropBox’s quantitative/FAIR based program
• Facilitate risk quantification meetings and working group sessions
• Partner with teammates, subject matter experts to present risk quantification results, cost justification and reduction proposals to senior leadership
• Facilitate formal and informal risk quantification/FAIR training and socialization efforts

Requirements

• 8+ years of risk management experience
• Strong critical thinking and analytical skills
• Intermediate to advanced knowledge of core cybersecurity fundamentals
• Experience with cyber risk quantification models. Factor Analysis of Information Risk (FAIR) and RiskLens a plus.
• Ability to decompose complex systems and problems
• Excellent ability to communicate complex subjects effectively, especially at the executive level
• Experience designing, implementing and managing security controls and processes

Desired Skills

• Bachelor’s degree or equivalent IT work experience
• Experience in one or more areas: Security Assurance, Security Operations, Threat Modeling
• One or more certifications: OpenFAIR, CISSP, CRISC, CISA
• People management experience

Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is our support for members and allies of internal groups like Asians at Dropbox, BlackDropboxers, Latinx, Pridebox (LGBTQ), Vets at Dropbox, Women at Dropbox, ATX Diversity (based in Austin, Texas) and the Dropbox Empowerment Network (based in Dublin, Ireland).