Security Risk Manager

Our Company

Changing the world through digital experiences is what Adobe's all about. We give everyone-from emerging artists to global brands-everything they need to design and deliver exceptional digital experiences! We're passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen.

We're on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours!

The Opportunity

The Adobe Security Risk & Governance team is seeking a hardworking risk professional to be at the forefront of Adobe's ever-evolving landscape of cyber threats. This role is pivotal in ensuring Adobe maintains a clear vision regarding both existing, and emerging, cyber security risks and which challenges we need to prioritize. You will have the opportunity to improve our risk management capabilities by continually innovating our foundational risk methodology, analyzing real-time risk, performing data analysis to understand its implications, and identifying pathways to mitigate risk across Adobe. This is an opportunity to develop innovative risk identification, analysis, and treatment strategies, and have a significant impact on Adobe's security posture.

What You Will Do

• Provide input and refine the overall Adobe Security Risk Management Framework, its processes, and related documentation.
• Implement the risk management program to identify and handle security risks that may impact Adobe.
• Maintain a centralized Security Risk Register and provide clear and reliable reporting to the Risk Steering and Operating Committees.
• Perform initial risk triage and due diligence including thorough review of scope, context, and data
• Perform security reviews to identify security gaps resulting in recommendations for consideration in security planning and budgeting cycles.
• Develop and generate reports, dashboards, and presentations to communicate cybersecurity risks and metrics to partners, including senior leadership and technical teams.
• Proactively find opportunities for risk process automation through use of data, key risk indicators, tooling (or other) and partner with product and Security team members to improve and innovate the Risk program methodology to become more agile, efficient, and effective.
• Collect data from various sources; leverage existing tools and technologies to combine data sets and identify patterns/trends
• Conduct in-depth research on emerging threats, threat actors, and their tactics, techniques, and procedures.

What You Need to Succeed

• A Bachelor's or Master's degree in computer science, cyber security, information systems, information technology, or a related field is preferred. Equivalent experience in these areas will also be considered.
• 5+ years in information security with experience in threat and risk evaluation, analysis, and response.
• Industry Certifications such as CISSP, CRISC, CASP+, CISM, CISA, GCIH, CFCE, GCFA, and/or GCFE.
• Deep technical skills in a variety of environments (i.e., AWS, Azure, GCP, metal), operating systems, languages, and databases.
• Demonstrable ability to research security publications, intelligence feeds, and other valuable data sources to capture and identify the latest Cyber Security themes and how they impact the organization.
• Knowledge of various threat intelligence frameworks and adversary techniques such as the MITRE ATT&CK, Cyber Kill Chain, or related.
• Proficiency with one or more SIEM or data query language
• Strong data analytics and investigative skills with the ability to evidence and support risk findings with credible data metrics, facts, and visualization.
• Ability to find patterns in data and clearly articulate your findings.
• Knowledge of Industry and Regulatory frameworks (e.g., NIST, SOC2, FedRAMP, ISO, PCI, HIPAA, etc.)

Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $77,000 -- $177,400 annually. Pay within this range varies by work location and may also depend on job-related knowledge, skills, and experience. Your recruiter can share more about the specific salary range for the job location during the hiring process.

At Adobe, for sales roles starting salaries are expressed as total target compensation (TTC = base + commission), and short-term incentives are in the form of sales commission plans. Non-sales roles starting salaries are expressed as base salary and short-term incentives are in the form of the Annual Incentive Plan (AIP).

In addition, certain roles may be eligible for long-term incentives in the form of a new hire equity award.

Adobe will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances.

Adobe is proud to be an Equal Employment Opportunity and affirmative action employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law. Learn more.

Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email [email protected] or call (408) 536-3015.

Adobe values a free and open marketplace for all employees and has policies in place to ensure that we do not enter into illegal agreements with other companies to not recruit or hire each other's employees.