Security Risk Analyst

Snowflake is looking for a Product Security Risk Analyst who can manage and improve the existing program for assessing the risk of third-party tools and services in use by Snowflake. You will be responsible for managing the intake process, working with constituents to collect the required information, collecting all necessary details to understand the use case for each tool or service, and reviewing the required documentation and evidence to meet the security controls required based on the use case.


As the Security Risk Analyst, you will:

  • Manage the vendor risk remediation process
  • Track vulnerability remediation, organizing meetings or escalating issues when necessary
  • Review and process incoming requests for security assessment of new products and services
  • Review all evidence provided to compare vendor security controls to Snowflake data protection requirements
  • Decide whether to approve or reject the tool or service based on remaining risk levels
  • Assess and manage security findings from various vendor security monitoring systems
  • Manage annual vendor security re-assessments
  • Manage the security awareness program, reminders, and escalations, and provide periodic reports on the program's efficiency
  • Ensure that all new employees are assigned to the security training
  • Develop and improve security documentation


Our ideal Security Risk Analyst will have:

  • 2 years of experience in a security or audit role
  • Previous experience assessing the security of third-party vendors, tools, and services
  • Understanding of a broad set of security best practices (e.g., application security, secure software development lifecycles, risk management, data protection, encryption & key management, identity and access management, security operations, security governance, network security, etc.) and technologies
  • Flexibility to work across different time zones
  • Exceptional communication skills, including perfect written English
  • Familiarity with PCI-DSS, HIPAA, SOC1, SOC2, FedRAMP, GDPR, and/or ISO standards and frameworks
  • Good understanding of application and cloud security concepts and controls
  • A previous role that required exceptional organizational skills
  • Extremely high ethical standards as proven by successful background checks and references
  • Previous experience working with a variety of personalities from a variety of cultures
  • Experience with Software as a Service / cloud solutions


Bonus points for experience with the following:

  • Proficiency in the use of JIRA, Confluence, and ServiceNow
  • BI and database experience, including SQL knowledge and making dashboards
  • Security certification, such as CISSP, CCSP, CISA, Security+
  • AWS, Azure, Google Cloud, or other major Cloud Provider experience

