Digital Transformation Team

Senior Security Risk & Compliance Officer

Sri Lanka - Colombo

About the Role

Join our team as a Senior Security Risk and Compliance Officer. This role involves conducting in-depth security research, guiding secure development, and promoting security best practices. You will be the organization's trusted subject matter expert in security risk and compliance.

Our global security professionals support WSO2 customers (both internal and external) and partners in over 90 countries. We provide cybersecurity guidance, act as trusted advisors to our engineers and developers, and establish industry-leading strategies for secure open source software development. The Security Risk and Compliance Information Team drives cybersecurity, data protection, governance, and risk and compliance across all company regions. This position is for an accomplished security professional with proven industry experience.

Your Key Responsibilities

    Risk and Compliance

  • Develop scalable compliance frameworks, security controls, and processes to meet regulations, corporate security policies, and customer commitments.
  • Identify trends in cybersecurity for compliance, legal, regulatory, and operational activities. Determine applicable risks and collaboratively implement effective mitigation strategies across the organization.
  • Continuously monitor to measure effectiveness of controls for security and compliance, providing reporting and escalation when needed and developing plans to successfully execute periodic internal audits.
  • Assist the Data Protection Officer (DPO) by continuously monitoring data security, aligning policies with data protection requirements, and fulfilling data requests from customers and regulators.
  • Proactively perform risk analysis for management, evaluating the impact on security control effectiveness, compliance adherence, policy updates, changes in business requirements, and cybersecurity incidents.
  • Collaborate with legal, IT, and other corporate departments to monitor emerging global requirements to assess their impact on business practices. Represent the security team in cross-company response efforts.
  • Collaborate with security teams, product teams, customers, regulators, and senior leadership on incident management. You will be a key player in our efforts to detect, protect, and defend.
  • Build strategy to verify that the mandated security and compliance checks, controls, procedures, and best practice guidelines are effectively executed and validated for completeness/accuracy.

    Technical

  • Research vulnerabilities, threats, and technologies to assess their impact on WSO2 cloud platforms, products, and services. Develop and execute a risk mitigation strategy that builds and maintains customer confidence.
  • Evaluate and implement cloud security features (Azure, AWS, GCP) within WSO2 environments. Provide subject matter expertise on design and architecture to achieve strategic cybersecurity and compliance advantages for our customers.
  • Explore new security technologies and determine integration strategy into WSO2 processes. Participate in code and design reviews of products/solutions developed by other teams.
  • Automate security and compliance processes for efficiency, consistency, more effective compliance results, and reporting.
  • Review security testing/scanning reports, customer/prospect inquiries, and legal regulatory standards/requirements and provide guidance and direction.
  • Proactively identify, communicate, and mitigate issues and risks to protect deadlines and deliverables.

    Teamwork and Leadership

  • Provide support and governance to help teams manage security incidents. Engage as an active member of the investigation, lead leadership communications, and provide strategic support.
  • Effectively break down complex tasks, delegate responsibilities, and ensure successful delivery through collaborative follow-up and coordination. This role requires strong project management skills, technical acumen, and leadership to manage expectations and ensure on-budget, on-schedule execution.
  • Maintain effective professional relationships with extended teams (Product Engineering, Pre-sales, Marketing, Sales, Legal, and Infrastructure) on security initiatives. Coordinate unplanned group efforts, manage conflicts professionally, and drive resolutions.
  • Ability to give timely and helpful (positive as well as negative) feedback to interns, peers, and seniors (e.g., 360 feedback). Provide leadership in terms of educating and providing guidance in areas of expertise.
  • Ability to provide technical leadership, mentoring, direction, and feedback to junior members across the organization. Drive team and/or individual motivation and performance.

Qualifications, Skills, and Relevant Experience

  • BSc/MSc in Computer Science, Engineering, Security, Information Systems, or equivalent.
  • 6+ years hands-on experience in IT auditing, cybersecurity, datacenter, security operations, risk and compliance frameworks/methodology, and IT frameworks (e.g., SDLC, ITIL, and COBIT).
  • 5+ years of project management experience, demonstrated by successfully driving projects to completion, measuring results, and leading cross-functional teams.
  • Certifications in one or more of the following: CISA, CISSP, OSCP, and OSWE. Cloud certifications (Azure, AWS, and GCP) are also highly valued.
  • Experience implementing and operating regulatory/industry standard certifications for data privacy, security, and compliance is required (GDPR, HIPAA, SOC 2 Type 2, ISO, PCI, DORA, CRA, etc.).
  • Demonstrated ability to develop a global strategy into an action plan/roadmap that is deployed across the organization. Perform complex reviews, interpreting the results and understanding cost impacts.
  • Self-motivated with the ability to work with little supervision. Have a strong analytical focus, solid judgment under pressure, and business decision-making skills.
  • Detail-oriented, organized, and comfortable with multi-tasking in a fast-paced, highly dynamic environment. Ability to prioritize project work based on resources, capabilities, time, and team focus.
  • Excellent communication and interpersonal skills. Ability to negotiate with customers, peers, and partners to achieve a win-win solution.

In Addition to a Competitive Compensation Package, WSO2 Offers:

  • A work culture and environment where we value both hard work AND flexibility.
  • A flexible vacation/leave plan that fits your needs.
  • Health, dental, and life insurance for you and your family.

Diversity Drives Innovation:

We've built our business on a commitment to diversity and inclusion. We believe it's important to foster an environment that values and respects each individual's strengths, perspectives, and ideas. Doing so not only drives innovation; it also ensures that we can create superior experiences for our customers, partners, and employees worldwide. We value the diversity of our team regardless of race, ethnicity, religion, gender, age, national origin, disability, sexual orientation, or veteran or marital status, and we do not tolerate any form of discrimination.
