Posted: Oct 1, 2024

Security Risk Manager

Adobe - San Jose, CA
Full-time
Salary: $77,000.00 - $177,400.00 Annually
Application Deadline: N/A

Our Company

Changing the world through digital experiences is what Adobe’s all about. We give everyone—from emerging artists to global brands—everything they need to design and deliver exceptional digital experiences! We’re passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen. 

We’re on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours!

The Opportunity

The Adobe Security Risk & Governance team is seeking a hardworking risk professional to be at the forefront of Adobe’s ever-evolving landscape of cyber threats. This role is pivotal in ensuring Adobe maintains a clear vision of both existing and emerging cyber security risks and of which challenges we need to prioritize. You will have the opportunity to improve our risk management capabilities by continually innovating our foundational risk methodology, analyzing real-time risk, performing data analysis to understand its implications, and identifying pathways to mitigate risk across Adobe. This is an opportunity to develop innovative risk identification, analysis, and treatment strategies, and have a significant impact on Adobe’s security posture.

What You Will Do

  • Provide input and refine the overall Adobe Security Risk Management Framework, its processes, and related documentation.
  • Implement the risk management program to identify and handle security risks that may impact Adobe.
  • Maintain a centralized Security Risk Register and provide clear and reliable reporting to the Risk Steering and Operating Committees.
  • Perform initial risk triage and due diligence, including thorough review of scope, context, and data.
  • Perform security reviews to identify security gaps resulting in recommendations for consideration in security planning and budgeting cycles.
  • Develop and generate reports, dashboards, and presentations to communicate cybersecurity risks and metrics to partners, including senior leadership and technical teams.
  • Proactively find opportunities for risk process automation through use of data, key risk indicators, tooling, or other means, and partner with product and Security team members to improve and innovate the Risk program methodology to become more agile, efficient, and effective.
  • Collect data from various sources; leverage existing tools and technologies to combine data sets and identify patterns and trends.
  • Conduct in-depth research on emerging threats, threat actors, and their tactics, techniques, and procedures.

What You Need to Succeed

  • A Bachelor’s or Master’s degree in computer science, cyber security, information systems, information technology, or a related field is preferred. Equivalent experience in these areas will also be considered.
  • 5+ years in information security with experience in threat and risk evaluation, analysis, and response.
  • Industry Certifications such as CISSP, CRISC, CASP+, CISM, CISA, GCIH, CFCE, GCFA, and/or GCFE.
  • Deep technical skills in a variety of environments (i.e., AWS, Azure, GCP, metal), operating systems, languages, and databases.
  • Demonstrable ability to research security publications, intelligence feeds, and other valuable data sources to capture and identify the latest Cyber Security themes and how they impact the organization.
  • Knowledge of various threat intelligence frameworks and adversary techniques such as MITRE ATT&CK, the Cyber Kill Chain, or related.
  • Proficiency with one or more SIEM or data query languages.
  • Strong data analytics and investigative skills with the ability to evidence and support risk findings with credible data metrics, facts, and visualization.
  • Ability to find patterns in data and clearly articulate your findings.
  • Knowledge of industry and regulatory frameworks (e.g., NIST, SOC2, FedRAMP, ISO, PCI, HIPAA).