Cybersecurity Risk Analyst

We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.

Snowflake Global Security Compliance and Risk (GSCR) team is focused on ensuring all our Snowflake products and services, and Corporate IT environment are secured, compliant with regulatory requirements and cybersecurity and third-party risks are managed. Our team works cross-functionally with various key stakeholders (Product Security, Engineering, Corporate IT and Security, Legal, Enterprise Risk Management, and Internal Audit).

The Senior Global Security and Risk Analyst will be a critical and high-impact individual contributor role. This role will be focused on identifying, assessing, managing, monitoring and communicating cybersecurity risks throughout the organization. Ideal candidates are highly motivated individuals who thrive in fast-paced environments, comfortable with modern technology stacks that leverage the cloud, and who see risk as something to manage pragmatically.

JOB RESPONSIBILITIES :

• Ensure relevant cybersecurity risks identified are captured in the risk register and keep it updated with the related information
• Performs cyber risk assessments on new and existing cyber security risks in partnership with risk owners
• Develop a broader understanding of the intent, objectives, and activities of cyber threat actors
• Analyze cybersecurity risks to determine likelihood and impact to Snowflake business and describe risks in quantitative and qualitative terms
• Implement a quantitative risk methodology based on FAIR approach and quantify cybersecurity risks
• Develop risk mitigation plan by partnering with the risk and system owners
• Identify and develop appropriate metrics such as key performance indicators (KPIs) and key risk indicators (KRIs) to measure risks and highlight trends or themes
• Track and monitor risk mitigation plans and activities
• Make risk-based decisions and trade-offs impacting business strategies
• Help project prioritization for quarterly planning activities that could mitigate the risks
• Develop reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
• Maintain a strong understanding of risk management methodologies and frameworks.
• Educate and build awareness of cybersecurity risk management  across the organization.
• Empower key stakeholders and risk owners to use the common risk taxonomy
• Influence behaviors to reduce cybersecurity risk and foster a strong risk-based culture throughout the organization

QUALIFICATIONS :

• Minimum of 8 years of tactical and operational experience in Governance, Risk and Compliance, or Information Security, with a focus on risk assessments/management
• Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity.
• Knowledge and practical experience with the following risk management frameworks:  ISO, NIST, and FAIR.
• Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling.
• Technical certifications within the area of security and risk are a strong plus (CISSP, CRISC, CISM or equivalent).
• Knowledge and experience pertaining to:
• AWS or Azure (or similar) cloud security and infrastructure
• Software as a Service (SaaS) applications
• Network Infrastructure Security
• Encryption technology and implementation
• Database security
• Operating system security

In accordance with applicable law, the following represents a reasonable estimate of the range of possible compensation for this role if hired in Colorado:

• The estimated pay range for this role, if based in Colorado, is $119,100 - $153,000.
• Additionally, this role is eligible to participate in Snowflake’s bonus and equity plan

Please note that this information is provided for those hired in Colorado only, and this role is open to candidates outside of Colorado with compensation that aligns with your location.  The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location. This role is also eligible for a competitive benefits package that includes: medical, dental, vision, life, and disability insurance; 401(k) retirement plan; flexible spending & health savings account; paid holidays; paid time off; employee assistance program; and other company benefits.

Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake. 

How do you want to make your impact?