Description:
We are looking for a detail-oriented and collaborative Security Governance Lead to head up the development and execution of Cohesity’s security governance initiatives. This role is ideal for someone with strong experience in cybersecurity, security governance, compliance, and policy management. The successful candidate will manage our Common Controls Framework, cyber security policies, partner in risk and compliance assessments, and support key governance processes across the organization.
Key Responsibilities
- Own the maintenance and accuracy of the Cohesity Common Controls Framework.
- Lead the development, maintenance, and communication of information security policies, standards, and procedures in line with industry best practices (e.g., NIST, ISO 27001).
- Lead security governance activities including cyber policy lifecycle management, control mapping, and framework alignment.
- Support internal and external audits by partnering with cyber-Compliance team.
- Partner with stakeholders to maintain documentation and dashboards for compliance with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, SOX, GDPR).
- Track security metrics against KPIs to measure program effectiveness and support continuous improvement.
- Collaborate with teams across Security, IT, Legal, Engineering, etc. to ensure alignment on security governance objectives.
- Drive technology innovation in the Security Governance function to enable accurate real time monitoring and ensuring the program can scale with the growing company.
Required Qualifications
- 8+ years of experience in cybersecurity, IT governance, GRC, or related roles.
- Foundational knowledge of security frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
- Strong organizational and communication skills, with the ability to engage cross-functional stakeholders.
- Understanding of risk and compliance principles as they relate to enterprise cybersecurity programs.
- Bachelor's degree or equivalent experience in Cybersecurity, Information Security, Risk Management, audit or a related field.
- Experience writing, maintaining, and implementing security policies, procedures, and standards.
Preferred Qualifications And Experience
- Familiarity with audit processes and compliance requirements (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
- Experience with third-party risk management programs or vendor security assessments.
- Exposure to risk or control assessments and control testing.
- Industry certifications such as Security+, ISO 27001 Lead Implementer, or similar are desirable.
- Knowledge of security governance in cloud-first, SaaS, or DevOps environments.