Jobs · themuse
Staff Security Strategist GRC
Nimbus Data Systems · San Francisco, CA, Sunnyvale, CA · Posted 8d ago
About the role
Drive and implement security and compliance programs on the ServiceNow eGRC platform at Nimbus Data Systems.
About the Team Nimbus Data Systems's Engineering Security team works to ensure the security of information for our full set of users - riders, eaters, drivers and partners. Our ultimate goal is to ensure that every experience with Nimbus Data Systems is simple, secure, and safe. We are seeking a talented Senior Security Strategist, GRC to join our Tech Risk and Assurance team within Engineering Security. About the Role The Senior Security Strategist, GRC partners with engineering, security, and cross-functional risk stakeholders to strengthen Nimbus Data Systems's cybersecurity posture through scalable cyber risk management, risk governance, and control design programs. This role is responsible for driving and implementing security, compliance, and risk management programs on the ServiceNow eGRC platform at Nimbus Data Systems, working with the engineering team to develop and enable technical solutions that satisfy a variety of risk and compliance processes. This role operates at the intersection of technical security, process design, and risk governance. The successful candidate will translate control gaps, threat and business context, and compliance requirements into practical risk treatment plans that engineering teams can execute, while driving consistent risk analysis, decision-making, and follow-through. The role must be able to deliver work products required by Agile development methodologies for software development delivery as defined. What you will do Own cyber risk intake, triage, and prioritization, ensuring clear accountability, well-formed risk statements, and timely treatment decisions. Develop product strategy and lead project execution for multiple major components of Nimbus Data Systems's Risk and Compliance technology solutions. Manage different solutions on Nimbus Data Systems's internal eGRC platform (ServiceNow) and collaborate with stakeholders to implement their program improvements. Partner with engineering teams to define risk treatment plans, identify sustainable fixes, and drive mitigation or remediation to the last mile rather than stopping at documentation. Gather business and functional requirements from partner teams and deliver a product/release that meets the needs presented. Develop technical specifications documentation. Lead or materially contribute to control design reviews, risk assessments, and risk decisions that require judgment, stakeholder alignment, and tradeoff management. Drive and evangelize vision for overall GRC strategy across engineering and security organizations. Analyze and fully understand user stories and internal procedures in order to improve system capabilities, automate process workflows, and address scheduling limitations throughout the development and delivery of the eGRC platform. Work with developers to implement workflows from customer requirements including workflows, UI actions, client scripts, business rules, etc. Load, manipulate, and maintain data between the eGRC platform and other systems as needed. Build and maintain risk reporting for leaders and partner teams, including KRIs, exposure trends, risk acceptance aging, decision status, and escalation triggers. Design and develop dashboards, home pages, performance analytics data collectors, and reports as needed to support program requirements. Improve the efficiency of risk workflows through automation, better tooling, clearer operating models, and reusable knowledge assets. Perform system and integration testing with sample and live data. Review product performance and provide a continuous improvement path through leveraging industry standard tools and capabilities as well as building new ones. Serve as a bridge between cybersecurity, engineering, audit, privacy, and compliance stakeholders so that security risk becomes practical engineering action. Mentor analysts and junior security partners on risk analysis, risk statement quality, treatment planning, stakeholder communication, and operational rigor. Basic Qualifications: Bachelor's or Master's degree in Computer Science, Computer Engineering, Information Systems, Cybersecurity, Risk Management, or related field, or equivalent practical experience. 10+ years of experience in security, cyber risk, GRC, assurance, security operations, or related technical risk roles. Security certifications e.g. CISA, CISSP, CISM, or other relevant certifications. Demonstrated success managing security risk programs, treatment decisions, and cross-functional execution end to end. Strong understanding of security controls, risk treatment, and how to work with engineering on implementation details. Experience operating across multiple stakeholders, handling ambiguity, and driving accountability. Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision. Excellent written and verbal communication skills, including the ability to present risk, status, and decision points to leadership and technical audiences. Preferred Qualifications: CRISC, ISO 27001 Lead Audito
Read the full posting on themuse →
FAQ
Is the Staff Security Strategist GRC role at Nimbus Data Systems remote?+
This Staff Security Strategist GRC position is listed as onsite (San Francisco, CA, Sunnyvale, CA).
What is the salary for the Staff Security Strategist GRC role at Nimbus Data Systems?+
The listing states Estimated 133k-238k USD.
What seniority level is this Staff Security Strategist GRC role?+
This is a senior level position.
How do I apply for the Staff Security Strategist GRC role at Nimbus Data Systems?+
Use the "Apply on themuse" button to open the original posting on themuse, where you can submit your application directly to Nimbus Data Systems.