Director of Security Assurance (Remote, EMEA)

  • Contractor
  • EMEA
  • TBD USD / Year




  • Job applications may no longer be accepted for this opportunity.


Grafana Labs

Do you believe that security should be an operational enabler? Do you believe that, in the modern data-rich security world, risk heat maps just don’t quite cut it anymore? Do you want to build an incredible, forward-thinking security assurance team in a security team going through meteoric growth in a company going through the same?

We want to build a new way to do GRC, one that is hyper-targeted at generating beneficial outcomes for both the business and the coalface, where we go beyond informing customers of practices and move towards building true trust. We want policies that are tuned iteratively to provide exactly the right balance of restriction and autonomy, real-time validation that we do what we say and that we say that we do things right. Wouldn’t it be interesting if an engineer making a product decision in code was informed by the same quantitative risk model as senior leadership? (We’ve all read How to Measure Anything in Cybersecurity Risk.)

Do you want, ultimately, to help customers solve the problems that we’ve solved ourselves by informing new products, released to the world for free?

This gives you an idea of the kind of team we want to build. Do you want to be our Director of Security Assurance? We’ve got some first-rate people already on the ground and further headcount waiting, let’s go.

This role reports to the CISO, alongside the leads for Security Engineering and Security Operations.

Key Responsibilities

  • Overall accountability for and management of the Security Assurance team, including customer-facing Service Assurance, Risk Management, Supply Chain Risk, internal audit and Compliance functions
  • Define required internal and external compliance levels in coordination with the CISO, DPO and other Engineering and Business leaders
  • Contribute significantly to cybersecurity and cybersecurity product strategy
  • Monitor and report on compliance with Grafana’s security certifications and relevant aspects of security-adjacent matters such as privacy (in support of the DPO) and business continuity (in support of engineering owners)
  • Management of all security-related external / internal audits and accreditation processes
  • Project management and evangelism of internal process improvement efforts to meet our contractual, regulatory, compliance and policy commitments
  • Curation of highly effective, targeted security policies in line with our team values
  • Creation of internal compliance and risk reports and summaries
  • Delivery of service assurance to opportunities, customers, partners and investors
  • Continual improvement of compliance, risk management, audit and service assurance functions

What experience would make someone successful in this role?

  • Strong technology skills – Ideally past experience as a developer or sysad
  • At least 3 years managing a cybersecurity, compliance or tech risk team at a technology company, ideally Cloud-native.
  • Broad knowledge of products and services in the security assurance/GRC market
  • An appetite for a blend of hands-on and strategic deliverables
  • Experience with the likes of ISO 27001 (et al), SOC2, FedRAMP
  • Experience managing assurance functions at both public and private organizations beneficial
  • Very strong communication and project management skills and an appetite for evangelism
  • Passionate about mentoring and growing talent, empathic management practices and building a healthy workplace
  • A strong believer in compliance and risk management that encourages and enhances autonomy
  • Strong commercial and operational background

About Grafana Labs: There are more than 700,000 active installations of Grafana around the globe, monitoring everything from beehives to climate change in the Alps. The instantly recognizable dashboards have been spotted everywhere from a SpaceX launch and Minecraft HQ to Wimbledon and the Tour de France. Grafana Labs also helps companies including Bloomberg, JPMorgan Chase, and eBay manage their observability strategies with full-stack offerings that can be run fully managed with Grafana Cloud, or self-managed with Grafana Enterprise Stack. The Grafana stack has grown to include two other open-source projects, Grafana Loki (for logs) and Grafana Tempo (for traces).

Benefits: For more information about the perks and benefits of working at Grafana, please check out our careers page.

A note about COVID-19: All Grafanistas who wish to attend in-person events or travel for Grafana Labs must be fully vaccinated.

Equal Opportunity Employer: At Grafana Labs we’re building a company where a diverse mix of talented people want to come, stay, and do their best work. We know that our company runs on the hard work and the dedication of our passionate and creative employees.

We will recruit, train, compensate and promote regardless of race, religion, colour, national origin, gender, disability, age, veteran status, and all the other fascinating characteristics that make us different and unique. We believe that equality and diversity build a strong organisation and we’re working hard to make sure that’s the foundation of our organisation as we grow.

For information about how your personal data is used once you’ve applied to a job, check out our privacy policy.

To apply for this job please visit boards.greenhouse.io.

