Senior Staff Security Risk Management Engineer

Summary

Join Databricks as a Team Lead (Individual Contributor) for the Security Risk Management team and drive the program development and operational excellence of our security risk management program. You will provide subject matter expertise and leadership to a team of security risk management professionals. Collaborate with cross-functional teams to conduct security risk assessments and maintain the Databricks risk register. This remote position requires significant overlap with US East and West time zones and is available in the Netherlands and the United Kingdom. You will drive program maturity, lead the risk management team, manage escalations, integrate security risk management across the organization, and support recurring reporting. The role requires strong leadership, risk management, and communication skills.

Requirements

• Leading, mentoring, and developing a high-performing security risk management team, fostering collaboration, technical excellence, and continuous learning
• Designing, implementing, and managing a security risk management program
• Managing escalations and effectively interacting with leadership and cross-functional teams
• Building and documenting risk management and risk acceptance / security exception processes specific to a company’s environment
• Completing projects with multiple dependencies / constraints and build relationships with / manage diverse stakeholders remotely
• Tracking and reporting of key performance and risk indicators
• Ability to clearly articulate risk concepts and results to leadership and peers
• Excellent verbal and written communication, documentation, collaboration, analytical, and presentation skills
• 12+ years of security experience or advanced degree + 8 years of security experience
• 2 - 4 years of prior team management experience
• Working understanding of security, assessment, risk management, and compliance frameworks (e.g., NIST 800-37, NIST 800-39, NIST 800-30, MITRE ATT&CK, ISO 27001, ISO 27005, NIST 800-53, SOC 2, PCI, FedRAMP) and how they are implemented

Responsibilities

• Drive Security Risk Management program maturity to enable risk-informed decision making by the business leadership about risk tolerance and resource allocation
• Lead the team of Security Risk Management engineers to drive effectiveness and efficiency in program’s operations
• Be the primary point of contact for the handling of escalations with cross-functional teams and leadership
• Integrate security risk management across the organization
• Determine and drive risk mitigation efforts
• Support recurring reporting of risk program metrics to leadership
• Manage security risk acceptance and exceptions processes
• Maintain risk-related policy and process documents

Preferred Qualifications

• Bachelor's degree from an accredited college or university in cybersecurity, computer science, or related field is preferred
• Relevant security and GRC certifications, such as CISSP, CCSP, CSSLP, CGRC, CCSK, GSEC, GCIH, GCFE, GCFA, CISA, CRISC, and CEH, are preferred