It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

• Cybersecurity Risk Management: Maintain and oversee the technology and cybersecurity risk register, conducting regular risk assessments to identify, evaluate, and mitigate potential security threats.

• Security Requirements Translation: Translate complex security requirements into actionable business requirements, effectively communicating associated risks to stakeholders at all levels, including business leaders and engineers.

• Security Controls Implementation: Ensure the successful implementation and ongoing maintenance of security controls across classified information systems.

• Technical Risk Oversight: Manage and oversee technical risk assessments, including vulnerability scanning, penetration testing, risk evaluations for new applications, and third-party risk assessments.

• Security Design Advisory: Provide expert advice on security design, recommending security systems and controls that align with industry best practices.

• Collaborative Solutions Delivery: Work closely with application owners and multi-disciplinary teams to deliver comprehensive solutions that address identified security risks and concerns.

• Security Architecture Expertise: Serve as a subject matter expert in security architecture, tools, and systems engineering, supporting both IT and business teams.

• Cloud Security Controls Implementation: Lead the implementation of security-related projects, particularly for cloud and hybrid cloud systems.

• Security Automation: Drive the automation of security controls, data, and processes to enhance security metrics and operational support.

• Security as Code Framework: Design and implement tools to establish a Security as a Code framework, automating security controls, data, and processes to strengthen our overall security posture.

• Emerging Technologies Monitoring: Stay up-to-date on emerging security technologies, vulnerabilities, risks, and trends, and apply this knowledge to optimize security practices.

• Technical Documentation: Create and maintain comprehensive technical documentation, including run-books, for all security project implementations. Implement cybersecurity controls and standards, such as NIST and SOC2, relevant to TechOps infrastructure.

• Cross-Functional Collaboration: Act as a liaison with SSO & Internal audit teams for all security initiatives and audits.

• Hands-On Attitude: A proactive, "doer" mindset is essential—you should be ready to roll up your sleeves and tackle tasks as needed to get the job done.

• Educational Background Preferred: Bachelor’s degree with 10+ years of relevant industry experience, or a Master’s degree with 8+ years in Information Technology, Cybersecurity, or a closely related field.

• IT Controls Expertise: Over 7 years of experience in IT controls, with a background as a practitioner or lead. Experience with a “Big Four” or leading IT consulting firm is highly preferred.

• Cybersecurity Knowledge: Deep understanding of cybersecurity architectures, best practices, policies, and standards. Knowledge of SOX, ISO-27001, SOC2, and NIST compliance is required.

• Security Tools Proficiency: Proficient with a variety of security tools, such as vulnerability scanning tools, firewalls, internet proxies, and SIEM tools. Familiarity with platforms like Palo Alto Networks, Tenable, and Zscaler is advantageous.

• Risk and Compliance Experience: Demonstrated expertise in conducting risk assessments, performing compliance audits, and reviewing and updating security policies.

• Code Review and Automation: Ability to understand and conduct code reviews, and lead the development and implementation of compliance and operational controls automation.

• Audit and Risk Management: Extensive experience with both internal and external technology audits, including Operational Risk Management deep dives, testing, and strong advocacy for subject matter experts.

Not sure if you meet every qualification? We still encourage you to apply! We value inclusivity, welcoming candidates from diverse backgrounds, including non-traditional paths. Unique experiences enrich our team, and the willingness to dream big makes you an exceptional candidate!

#DTjobs

Work Personas

We lead with flexibility and trust in our distributed world of work. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work. Learn more here (https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/other-document/careers/new-world-of-work-personas.pdf) .

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact talent.acquisition@servicenow.com for assistance.

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.

From Fortune. ©2024 Fortune Media IP Limited. All rights reserved. Used under license.