People Matter

Senior Director, Governance, Risk & Compliance

Rubrik

Legal, Sales & Business Development
Palo Alto, CA, USA
Posted on Jul 24, 2024

About the Information Security Team

Rubrik’s Information Security Team is charged with safeguarding Rubrik’s digital assets and customer data through proactive security measures, innovative solutions, and rigorous compliance practices. We strive to foster a culture of security awareness, mitigate risks effectively, and uphold the trust of our customers and stakeholders. We play a critical role in enabling the company to achieve its strategic objectives while safeguarding its reputation and ensuring the trust of its stakeholders.

This multifaceted team has a range of responsibilities, including:

  1. Security Operations: This team focuses on monitoring the company's networks, systems, and endpoints for potential security incidents. They use advanced tools to detect, analyze, and respond to threats in real-time.
  2. Incident Response: This group is tasked with quickly mitigating security breaches or incidents that may occur. They coordinate with other teams to contain and remediate any issues while minimizing impact.
  3. Governance, Risk, and Compliance (GRC): This team ensures that Rubrik adheres to industry regulations and standards related to information security. They manage audits, assess risks, and implement policies and procedures to maintain compliance.
  4. Security Engineering: Engineers in this team design and implement security solutions for Rubrik’s infrastructure and products. They may develop tools, configure security systems, and perform security assessments.
  5. Security Awareness and Training: Educating employees about cybersecurity best practices is crucial. This team creates training programs and awareness campaigns to help all staff understand their role in maintaining security.
  6. Threat Intelligence: By monitoring external threats and trends, this team provides proactive insights that help enhance Rubrik’s defenses against emerging cyber threats.
  7. Security Architecture: Architects design the overall security infrastructure and framework for Rubrik, ensuring that all systems are built with security in mind from the ground up.
  8. Risk Management: This team assesses and prioritizes security risks to the organization, helping to allocate resources effectively to address the most critical vulnerabilities.

The team works collaboratively across departments to protect the company's assets, maintain trust with customers, and uphold high standards of security in all operations.

Role & Responsibilities

Rubrik is actively recruiting for a Senior Director for Governance, Risk & Compliance (GRC), reporting directly to the Vice President & Chief Information Security Officer. In this role, you will enable and transform the risk management, compliance and security governance capabilities and resources of Rubrik. Rubrik is investing in these areas to address the evolving cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow.

The Senior Director, GRC role is a critical position within the organization and has responsibilities from a technology and process perspective across the organization globally. Working closely with the stakeholders across the company, this position will be responsible for continuing to build and enhance the GRC portfolio of efforts to raise the overall security and compliance posture for Rubrik.

This role is part of the Information Security leadership team and manages a global organization of 25+ people.

How will you make impact?

  • In this role, you will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as industry best practices. You will drive risk analysis for internal and external third-party risk assessments by designing controls and implementing industry best practice processes for teams and technologies utilized across the organization. You will work across multiple frameworks and regulatory standards including, but not limited to, NIST CSF, ISO, GDPR, SOX, PCI, FedRAMP, SOC 2, etc.
  • You will liaise with all business groups including but not limited to Finance, Legal, Audit, Engineering, IT, Product, Support, Marketing and Sales and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues.
  • Under the general direction of the CISO, the role is responsible for project management and implementation of controls to build and enhance the GRC program. Additionally, you will be responsible for informing leadership of issues resulting from risk analysis and determining potential solutions that are appropriate for Rubrik business and system architecture.
  • You will work closely with Rubrik IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies. You will be responsible for maintaining Rubrik Information Security Policies and Information Security Standards.
  • Finally, you will maintain updated knowledge in the field of risk management and compliance to efficiently work on evolving frameworks as well as master new compliance regimes that support the go-to-market strategy of the company to enable success in new geographies or market segments.

Ideal Candidate:

  • Ability to lead and manage a geographically dispersed, highly talented and fast-paced team
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine, evaluate, and report on technology risk levels at the project and enterprise level.
  • Understanding of security functions including: Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
  • Ability to effectively communicate complex and esoteric principles to non-technical stakeholders
  • Ability to influence, create a compelling vision and drive alignment across complex stakeholders and functions to deliver results.
  • Ability to build effective relationships across organizational boundaries to foster teamwork and collaboration, create alignment, remove frictions and enable global solutions and shared success
  • An enabler, one who can remove impediments that stand in the way of their teams’ success, inspire and empower everyone to do their best work
  • Build organizational and talent capabilities to deliver on business objectives. Ability to assess the team’s talents, skills, capabilities and career aspirations and build an effective talent management plan to continuously develop key talents and enhance the overall team effectiveness, maturity, cohesion and capacity.

Required/Minimum Qualifications

  • University degree or equivalent demonstrated education and/or work experience in Computer Information Systems, Software Engineering, Information Technology Management, Computer Science, Systems Engineering, Information Systems/Application Security Architecture.
  • Fluent verbal and written English interpersonal and communication skills.
  • 5+ years’ experience working in complex Information Technology/Application Development environments.
  • Prior management experience in IT, Information Security, Application Development and/or Cybersecurity Risk Management.
  • Ability to manage, and experience managing, resources, including people and finances, and the ability to allocate resources based on changing organizational priorities and external and internal influences and factors.

The minimum and maximum base salaries for this role are posted below; additionally, the role is eligible for bonus potential, equity and benefits. The range displayed reflects the minimum and maximum target for new hire salaries for the role based on U.S. location. Within the range, the salary offered will be determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

US Pay Range
$259,600 - $362,200 USD

Join Us in Securing the World's Data

Rubrik (NYSE: RBRK) is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Diversity, Equity & Inclusion @ Rubrik

At Rubrik we are committed to building and sustaining a culture where people of all backgrounds are valued, know they belong, and believe they can succeed here.

Rubrik's goal is to hire and promote the best person for the job, no matter their background. In doing so, Rubrik is committed to correcting systemic processes and cultural norms that have prevented equal representation. This means we review our current efforts with the intent to offer fair hiring, promotion, and compensation opportunities to people from historically underrepresented communities, and strive to create a company culture where all employees feel they can bring their authentic selves to work and be successful.

Our DEI strategy focuses on three core areas of our business and culture:

  • Our Company: Build a diverse company that provides equitable access to growth and success for all employees globally.

  • Our Culture: Create an inclusive environment where authenticity thrives and people of all backgrounds feel like they belong.

  • Our Communities: Expand our commitment to diversity, equity, & inclusion within and beyond our company walls to invest in future generations of underrepresented talent and bring innovation to our clients.

Equal Opportunity Employer/Veterans/Disabled

Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at hr@rubrik.com if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.