The Databricks Security Assurance Team enables Databricks to achieve and maintain third-party certifications, helping secure our operations and instill confidence in customers. As a Senior Manager within the Security Assurance Team, you will lead compliance certification efforts for many of our certifications. These include HITRUST, SOC 1, SOC 2, HIPAA, PCI, FSI, ISMAP, ISO 27000 series, and many others. You will be the Security Assurance Commercial Team manager reporting to the Sr. Director of Security Assurance.
This is a work opportunity within the following geographic region:
The impact you will have:
- Lead, manage, and mature the commercial Security Assurance Team for Databricks.
- Enable Databricks to expand and strengthen its presence in highly regulated markets by enabling and supporting new compliance certifications such as ECC/CCC and TISAX.
- Enable new business by supporting gap assessments of new security compliance requirements.
- Ensure audit readiness and security compliance across the organization by working cross-functionally with other teams such as Engineering, IT, Legal, and HR.
- Support other Security Teams using your understanding of security compliance requirements.
- Support security compliance reviews of new features.
- Develop and maintain strong relationships with external auditors and certification bodies to facilitate smooth audit processes.
What we look for:
We are looking for a professional with the following skills and practical experience:
- Bachelor's degree in Computer Science or related field, or equivalent experience.
- 12+ years of security experience (or at least 8 years with an advanced degree) with at least 4 years of that in security compliance or security audits.
- 2-4 years of management experience.
- Experience leading, achieving, and maintaining at least four different security certifications.
- Experience managing security audits.
- Experience improving security compliance or security audit programs.
- Extensive understanding of security controls across all domains.
- A general understanding of key technical security controls in cloud environments (AWS, Azure, GCP).
- Experience working effectively across the spectrum of individual contributors and senior leadership within an organization (for example, Engineering, IT, Security, and Legal).
- Excellent verbal and written communication, documentation, collaboration, analytical, and presentation skills.