Information Security Program Manager, Supply Chain Risk

Rubrik

  • Full Time

Information Security – Who We Are

Rubrik is seeking creative problem solvers with a passion for cyber security. In this role you will partner with all parts of the business to help secure the brand and protect the organization, the company, and customer environments. You will be responsible for building and executing security programs and delivering security technologies and improvements across the board. The ideal candidate for this role is someone who can innovate and deliver strong cyber defense capabilities that enhance the posture, maturity, and value of Rubrik’s information security organization.

What you'll be doing:

Cybersecurity Supply Chain Risk Management (SCRM) (sometimes also called Third Party Risk Management, or TPRM) involves identifying and assessing supplier and supply chain risks, determining appropriate risk response actions, developing plans to manage and remediate risks, and monitoring performance against plans. You’ll do all that and more. 

Rubrik is seeking a technical Program Manager to build our Supply Chain Risk Management Program. This role will coalesce the existing Supply Chain / Supplier Risk ecosystem at Rubrik to form a virtual / matrixed program team that benefits from security leadership and risk-based governance. In collaboration with business partners and stakeholders, this exciting new role will work iteratively to develop Rubrik’s supply chain risk strategy and management plan, and ensure the implementation and adoption of related controls, operational processes, and technology.

Your initial focus will address recent changes in U.S. Federal policy and processes, confirming Rubrik’s compliance with national directives, NIST SP 800-53 Rev. 5, NIST SP 800-161, and the associated Cybersecurity Supply Chain Risk Management (C-SCRM) requirements of FedRAMP. You will evaluate Rubrik’s posture, scope and validate component inventories in our PubSec portfolio, and develop a plan for risk-based remediation of any gaps or vulnerabilities identified.
From there, your work will expand to maturing effective Supply Chain Risk Management practices for Rubrik as a whole. You will streamline, optimize, and enhance security across a dynamic and complex environment that extends from Rubrik’s Customers to Rubrik’s Suppliers. Internally, you will work directly with development teams and colleagues from different disciplines to identify, assess, and manage supply chain risks. Your ability to build consensus and work collaboratively across teams and differing perspectives will be critical to your success in driving best practices throughout the organization.

Responsibilities

Program Development

  • Finalize the SCRM Plan for Rubrik’s government cloud service
  • Work with the existing SCRM ecosystem to establish the vision, scope, plans, and road map for Rubrik’s Supply Chain Risk Management Program 
  • Build a cross-functional governance, oversight, and advisory framework, with risk-based decision making, for the SCRM program
  • Establish performance measures for the Supply Chain Risk Management ecosystem to articulate and demonstrate the program’s progress, impact, and value to Rubrik
  • Design and/or document SCRM controls, processes, and procedures 
  • Coordinate with Legal on incoming / outgoing SCRM Attestations
  • Provide subject matter expertise to teams including but not limited to Procurement, Contracting, InfoSec, Engineering, Legal, Operations, Compliance, and IT
  • Raise awareness of Supply Chain threats, attack vectors, tactics, and exploits
  • Develop and deliver executive-level presentations to propose key initiatives, provide critical implementation updates, and ensure transparent status reporting
Operations

  • Continuously monitor supply chain / supplier vulnerabilities and their remediation
  • Assess SCRM posture and develop plans for closing gaps in capability or maturity
  • Execute, or monitor and oversee execution of, Supply Chain Risk mitigation plans
  • Document, monitor, and maintain provenance of in-scope systems, software components, and products
  • Maintain approved Risk Management Plan artifacts and ensure timely updates
  • Lead or monitor initiatives associated with SCRM enhancements
Technical

  • Implement / administer tool(s) for Software Supply Chain Security (Open Source, Containers) or Software Bill of Materials (SBOM), find vulnerabilities, and verify remediation
  • Configure / Administer tools like Jira and OneTrust for risk assessments or escalations
  • Work with tools like ZenGRC to manage SCRM / TPRM controls and evidence
  • Drive automation for effectiveness, efficiency, and scalability
Ideal Background

  • 7+ years in a software/SaaS company, or similar technology-driven environment
  • 3+ years Information Security experience related to Risk Management or Compliance
  • Strong leadership skills, able to drive outcomes through collaboration and influence rather than through conventional “people management” authority
  • Solid delivery skills as a program / project manager, handling concurrent initiatives
  • Driven to organize, establish, and improve processes, balancing speed with internal relationships and consensus from stakeholders; bias for action, especially in working through ambiguity or resolving conflict
  • Superb interpersonal, verbal, and written communication skills with the ability to convey complex concepts to a broad range of technical and non-technical audiences including C-Suite executives
  • Bachelor’s degree required; a degree in Information Security, Information Technology Management, Business Management, or a related field is preferred
  • CRISC, CISSP, CISA, FAIR, CRM, Cloud and other relevant certification(s) a plus

#LI-Remote

About Rubrik:

Rubrik, the Zero Trust Data Security Company™, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, Ransomware Investigation, Incident Containment, Sensitive Data Discovery, and Orchestrated Application Recovery. This means your data is ready so you can recover the data you need, and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

We are a leader in data security, have been recognized as a Forbes Cloud 100 Company, named a LinkedIn Top 10 Startup, and are proud to have earned Great Place to Work® Certification™. There has never been a more exciting time to join Rubrik, and our future is even brighter. The work you do will help propel our next chapter of growth as you do the best work of your career.

Diversity, Equity & Inclusion @ Rubrik: 

At Rubrik we are committed to building and sustaining a culture where people of all backgrounds are valued, know they belong, and believe they can succeed here.

Rubrik's goal is to hire and promote the best person for the job, no matter their background. In doing so, Rubrik is committed to correcting systemic processes and cultural norms that have prevented equal representation. This means we review our current efforts with the intent to offer fair hiring, promotion, and compensation opportunities to people from historically underrepresented communities, and strive to create a company culture where all employees feel they can bring their authentic selves to work and be successful.

Our DEI strategy focuses on three core areas of our business and culture:

  • Our Company: Build a diverse company that provides equitable access to growth and success for all employees globally. 
  • Our Culture: Create an inclusive environment where authenticity thrives and people of all backgrounds feel like they belong.
  • Our Communities: Expand our commitment to diversity, equity, & inclusion within and beyond our company walls to invest in future generations of underrepresented talent and bring innovation to our clients.

Equal Opportunity Employer/Veterans/Disabled: Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at hr@rubrik.com if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.