Job Description:
We are seeking an experienced security professional to join our Information Security team and be an integral part of developing our Information Security program. Reporting to the Director of IT GRC, Identity & Asset Management, this person will work closely with many parts of the business, including Engineering, Legal, IT, Support, People and Places, and Finance. Their primary focus will be on assessing and communicating business risk and threats. As a Cyber Risk Business Partner, you will also be involved in creating risk, business resilience and security strategy early in the design phase, building up and strengthening the Risk team, evangelizing cyber risk and security across teams, and serving as the business unit point of contact for security risk initiatives.
Who you’re committed to being:
You enjoy building processes from the ground up to streamline initiatives and other programs
You are an inquisitive, curious, critical thinker who is always looking for better ways to tackle cyber security problems
You are a persistent problem-solver: you know what it takes to protect the business, and as the business changes, you find ways to manage information security in a practical way
You are an effective communicator within the information security community and within the business
You use data, empathy and good judgment to approach business problems
You enjoy researching, implementing, and teaching security and risk best practices
You are organized, can be flexible, leverage best practices, and most importantly, create solutions for any problem with a can-do attitude.
What you’ll do:
Support the Information Security office with the global IT risk management frameworks and legal entity regulatory requirements.
Lead the expansion of the IT Risk Management Program, including Vendor Risk Management, into a robust cybersecurity supply chain risk management business resilience program.
Conduct company-wide risk assessments, and develop and manage cybersecurity, data privacy, compliance, operational, product, and third-party vendor risk management throughout the vendor lifecycle.
Implement risk assessment strategies, including privacy-related ones, to qualify and/or quantify the potential impact of risks, utilizing known risk management frameworks to meet global legal, regulatory, and customer requirements.
Collaborate with IT, Legal, Procurement, and business partners; review agreements and contracts; monitor vendor performance; mitigate risks; refine the risk management treatment program; and maintain the risk register.
Partner with vendors that align with the organization's needs and risk appetite, defining security and technical requirements. Oversee technical builds, integrations, and implementations of new and existing tools, ensuring full optimization of availability technology.
Test critical applications against adopted IT controls to ensure resilience and recovery objectives are met.
Create and manage continuous monitoring activities, execute updates to existing reporting and track, employing analytics features to protect against risk exposure. Identify, evaluate, and mitigate risks and vulnerabilities of third parties in the supply chain, and enforce security designs in any phase of product life cycle.
Assist with the development of assessment programs and questionnaires to aid in the mitigation of supplier security risks, and assist with existing and prospective customers.
Prepare internal and external communication plans and presentations, and develop risk-related policies, procedures and training that complement global compliance, risk management frameworks, and best practices.
Experience you’ll bring:
Experience in information security risk assessment, business impact analysis, business resilience, and auditing processes, with a focus on SaaS and/or technical business.
Excellent organization skills, excellent interpersonal skills, problem solving and innovative thinking, attention to detail, ability to work well within a team and have a helpful and positive attitude.
Requirements:
Bachelor of Science in CIS/MIS/CS/CE, Engineering/Technology or related field, or equivalent experience/training.
5+ years working in Risk, SaaS business, or technology industry.
Familiarity with security and privacy standards and regulations (e.g., NIST RMF, ISO 31000 ERM, COSO ERM, GDPR, SOC 2, PCI, ISO 27001, COBIT, FAIR)
Applicable industry certifications (e.g., CIPP, CRISC, CISA, CISSP, CISM, etc.)
Ability to travel up to 10%, including internationally
This is a remote role; however, applicants located within 45 miles of our Westlake/Dallas, TX office should expect to work on-site Tuesday through Thursday, with remote flexibility on Mondays and Fridays. This approach enables more effective collaboration, quicker decision-making, and a stronger culture, while still providing flexibility.
Why you’ll love working here:
We’re a blended workplace, where team members work remotely or in a hybrid setup depending on their role and location
We’re mission driven and guided by our culture pillars
We have a strong commitment to diversity and belonging
We cultivate a culture of trust, autonomy, and collaboration
We’re lifelong learners and champion team member growth and advancement
We’ve got you covered - team member benefits include competitive compensation packages, medical coverage, unlimited PTO, wellness reimbursements, Pluralsight subscription, professional development funds and more.
About us:
Pluralsight provides the only learning platform dedicated to accelerating the technology skills and capabilities of today’s tech workforce. Thousands of companies, government organizations and individuals around the world rely on Pluralsight to support critical technology skill development in areas that are crucial to innovation, including artificial intelligence, cloud computing, cybersecurity, software development, and machine learning. Pluralsight provides highly curated content developed by vetted technology experts, industry-leading skill assessments, and hands-on, immersive learning experiences designed to help individuals skill up faster.
Physical Requirements:
This role is primarily performed in an office or home office setting and involves standard computer-based work.
EEOC Statement & Accommodations Statement:
Bring yourself. Pluralsight is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status. We also consider qualified applicants with criminal histories, consistent with EEOC guidelines and local laws.
If you need an accommodation to apply, interview, or perform essential job functions, please visit the bottom of our website to learn how to request an accommodation. Learn more about our commitment to diversity, equity, inclusion, and belonging in our DEIB Report.
The annual US base + variable range for this role is $97,900 - $128,800 USD. Actual compensation will depend on location, skills, experience, and other factors. Additional benefits and bonuses may apply.
Applications must be submitted within 90 days after the initial posting date to be considered.
Please be aware of recruiting scams. We’ll only contact you from an @pluralsight.com email or verified channels. We never ask for sensitive personal info or payments as part of the hiring process. All openings are posted on our Careers page.

