Staff Security Risk and Compliance Program Manager

Location:

Remote, United States

Employment Type:

FullTime

Location Type:

Remote

Department

Engineering

Compensation:

$213.2K – $250.5K • Offers Equity

To learn more about our benefits click here https://confluentbenefits.com

We’re not just building better tech. We’re rewriting how data moves and what the world can do with it. With Confluent, data doesn’t sit still. Our platform puts information in motion, streaming in near real-time so companies can react faster, build smarter, and deliver experiences as dynamic as the world around them.

It takes a certain kind of person to join this team. Those who ask hard questions, give honest feedback, and show up for each other. No egos, no solo acts. Just smart, curious humans pushing toward something bigger, together.

One Confluent. One Team. One Data Streaming Platform.

As a Staff Security Risk and Compliance Program Manager in the Trust & Security organization you will play a critical role in fulfilling the vision to secure Confluent’s platform and cloud offerings through a combination of technical expertise, policy governance, security risk management, certification compliance and excellent program management skills. In this role, you\'ll be responsible for overseeing and maturing our compliance programs, ensuring we meet all relevant regulatory and legal obligations. You\'ll work closely with various departments to embed a culture of compliance throughout the organization and help us navigate a complex regulatory landscape. You will also develop metrics and reporting for senior leadership and executives. This is a senior-level position that requires strong leadership, deep expertise in compliance frameworks, and a data-driven approach to risk management.

• Program Ownership: Develop, implement, and maintain Confluent\'s compliance program, policies, and procedures. Act as the primary owner of compliance initiatives, ensuring they are well-defined and executed on time.
• Regulatory Liaison: Stay up-to-date with relevant security regulations, standards and industry best practices. Translate these requirements into actionable controls and processes. Act as a key point of contact for external auditors.
• Compliance Readiness: Conduct compliance readiness assessments when there is a need to adopt a new framework. Identify compliance gaps and develop mitigation strategies along with technical and non-technical control & process owners.
• Compliance Maturity: Implement and operationalize a common control framework, assess control effectiveness regularly and identify areas for improvement.
• Policy & Training: Create and manage company-wide policies related to trust & security. Develop and deliver training and awareness programs to educate employees on their compliance responsibilities.
• Audit & Reporting: Plan and execute internal and external compliance audits. Manage audits and oversee the collection of evidence. Prepare and present regular reports to senior leadership on the status of the compliance program, identified risks, and remediation efforts.
• Cross-Functional Collaboration: Partner with Legal, Engineering, Product, IT, and other business functions to ensure compliance requirements are built into new products, systems, and processes from the start.
• Continuous Improvement: Drive a culture of continuous improvement, regularly reviewing and enhancing the compliance program to address evolving risks and regulatory changes.

• Experience: 8+ years of experience in GRC, with a significant portion of that time focused specifically on compliance and regulatory matters.
• Technical Skills:
• Strong understanding of compliance frameworks such as NIST, ISO 27001, SOC, PCI DSS, HITRUST, CSA Star, etc.
• Experience with public sector compliance and international compliance frameworks (i.e. FedRAMP, CMMC, IRAP, Cyber Essential, C5, etc) is a strong plus.
• Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management.
• Strong security engineering fundamentals background in infrastructure security controls in GCP, AWS, Azure, and/or web application security.
• Tooling and automation: Experience with implementing, operationalizing and maintaining GRC platforms.
• Program Management Skills:
• Strong project management and organizational skills.
• Experience in running long-term, complex security programs that deliver iterative improvements and risk reduction.
• Communication and Collaboration skills: Excellent written and verbal communication skills. The ability to influence and lead without direct authority. Detail-oriented with a strong analytical mindset.
• Certifications: Current Security CISSP, CRISC, CISM or equivalent certification completed or currently in progress is a plus.

Ready to build what\'s next? Let’s get in motion.

Come As You Are

Belonging isn’t a perk here. It’s the baseline. We work across time zones and backgrounds, knowing the best ideas come from different perspectives. And we make space for everyone to lead, grow, and challenge what’s possible.

We’re proud to be an equal opportunity workplace. Employment decisions are based on job-related criteria, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by law.