IT Security & Risk Manager Dropbox
San Francisco, CA

Job Description

IT Security & Risk Manager San Francisco, CA

Company Description

Dropbox is a leading global collaboration platform that's transforming the way people work together, from the smallest business to the largest enterprise. With more than 500 million registered users across more than 180 countries, our mission is to unleash the world's creative energy by designing a more enlightened way of working. Headquartered in San Francisco, CA, Dropbox has more than 12 offices around the world.

Team Description

IT&S delivers technology strategy and solutions to our Dropbox business partners so they can work confidently, move fast, and scale effortlessly. We are the accelerator to the Dropbox business engine. We think of our team as a future-focused city planner for the Dropbox neighborhoods. We source, build and implement the right technology solution, and fit it into exactly the right place so that everything meets the high bar that Dropboxers expect.

Role Description

Protecting Dropbox and our Infrastructure is critical to being worthy of trust. Here at Dropbox we are looking for a IT Security and Risk Analyst to join our IT Risk and Governance Team, within our Information Technology and Services (ITS) group. As a Risk and Security Analyst, you will partner closely with various key internal teams across the organization to help us minimize our IT risks and build upon our Security posture through industry best practices. Additionally you will be responsible for the IT Security Risk Program through development and management of our internal security controls and risk assessment initiatives.

Responsibilities

In this role you will be assessing the current adequacy of the security strategy, business continuity /disaster recovery plans, threats to the systems, and then calculating the impact of potential adverse events-- focused on our cloud-based applications. You will continually conduct Audits, assessments, and update cloud-based security standards to help identify vulnerabilities and stay current with industry changes, as the threat profiles change constantly.

As a Security and Risk Analyst you will keep executive management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect their systems or cover potential losses.

To continually improve the quality of the risk management, you will collect lessons learned information and metrics from security events and integrate the knowledge gathered into future protection strategies. This may involve reviewing logs, network traces and other evidence from computers, networks and data storage devices.

* Own the strategy and roadmap for minimizing SAAS security risk - and develop communication plans to keep senior executives aware of risk posture
* You will Collaborate, create and implement security policies, procedures and standards based on industry standards
* You will intake security projects from the Dropbox Enterprise Security team, assess, negotiate, confirm the definition of done and include them in the backlogs of multiple ITS teams
* In this role you will Lead multiple Security-related projects and work streams
* You will be expected to stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
* Continuously evaluate communication security, data vulnerability, business continuity and compliance risks
* Identify vulnerabilities or weaknesses in systems
* Consistently evaluate security policy, processes and procedures for completeness
* Ensure that controls are adequate to protect sensitive information systems
* Report to management on IT system vulnerability and protection against malware and hackers
* Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
* Assist in identifying breaches in a firm's security or tracking the source of an unauthorized intrusion
* Communicate recommended business continuity preparations and controls, including deficiencies, to business units
* You will make recommend improvements in network security, identity management and logging based on current industry standards

Requirements

* 9+ years of overall experience in IT Security and Risk as an Analyst
* Knowledge and understanding of relevant IT Security controls
* Experience crafting Security policies, procedures and standards
* Ability to successfully partner with multi-functional internal partners
* Understanding and willingness to learn about diverse business functions
* Passion for technology and desire to tackle complex problems with creative solutions
* Phenomenal interpersonal skills and ability to work well in dynamic, team oriented environment

Benefits and Perks

* 100% company paid individual medical, dental, & vision insurance coverage
* 401k + company match
* Market competitive total compensation package
* Free Dropbox space for your friends and family
* Wellness Reimbursement
* Generous vacation policy
* 10 company paid holidays
* Volunteer time off
* Company sponsored tech talks (technology and other relevant professional topics)

Dropbox is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is our support for members and allies of internal groups like Asians at Dropbox, BlackDropboxers, Latinx, Pridebox (LGBTQ), Vets at Dropbox, Women at Dropbox, ATX Diversity (based in Austin, Texas) and the Dropbox Empowerment Network (based in Dublin, Ireland).