Staff Security Engineer - Governance, Risk and Compliance (GRC)
To learn more about our Hiring Range System, please click this link.
The Security Assurance and Risk team is a community of engineers who care deeply about ensuring that Mozilla products, services and infrastructure is secure and private. We are responsible for the governance, risk and compliance of security standards, collaborating with all Mozilla departments for the most secure and private consumer experience.
Are you interested in helping to secure Mozilla products and services? If so, we’d love to hear from you. Feel good about your work again! Pursue your future while working to protect the future of the internet for everyone, everywhere.
What you’ll get to do
- Lead the implementation of; and ongoing governance and compliance of a security framework
- Contribute directly to design and execution of high quality, thorough cybersecurity maturity assessments and threat risk assessments of different business and technical processes and controls
- Demonstrate in-depth technical capabilities and professional knowledge. Candidates should be current on the modern cybersecurity control environment and threat landscape related to several industries
- Establish consulting level relationships with internal partners from different Mozilla departments.
- Demonstrate and apply a thorough understanding of security controls and how they apply to infrastructure security, cloud security, application security and others.
- Perform 3rd party vendor risk assessments
What you’ll bring
- Knowledge and 5+ years of hands-on experience in cyber security governance, risk and compliance
- Experience running cyber security and risk assessments using industry known frameworks such as, but not limited to: NIST, CIS, CoBiT, ISO27001
- Familiarity with other industry security or privacy regulations: PCI-DSS, GDPR, FIPPA, HIPPA etc
- Strategic planning and road-mapping of security control implementation
- Subject matter expertise with at least 5 of the following:
- Network & infrastructure security,
- Cloud security
- Threat detection
- Incident response
- Vulnerability management
- SDLC security
- Dev sec ops
- Security governance
- Risk and compliance
- Security architecture
- Data protection
- Possession of one or more of the following cyber security-related certifications: CISSP, CISM, CISA, CRISC, GSEC or equivalent
- Experience in working independently and as part of a team to create high quality deliverables and reporting
- Excellent analytical skills
- Leadership and mentoring skills
- Excellent interpersonal, written, verbal, communication, and presentation skills
Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.
Commitment to diversity, equity, inclusion, and belonging
Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission. We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations, gender identities, and expressions.
We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at email@example.com to request accommodation.
We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws. Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.
Req ID: R2106