Adobe
The Opportunity
The Adobe Security Risk & Governance team is seeking a hardworking security professional to be at the forefront of Adobe's security governance and policy strategy. This role is pivotal to ensure that cybersecurity practices are aligned with Adobe's business objectives, regulatory requirements, and industry standards, while also effectively managing and mitigating risks to information assets and technology infrastructure. You will have the opportunity to drive 1) strategic oversight and alignment across the Security organization and 2) technology policy development and enforcement across the Adobe enterprise. This is an opportunity to have a significant impact on Adobe's security posture. What You Will Do
Provide the strategic vision, and drive maturity of, the Security Governance and Policy program at Adobe Manage the end-to-end lifecycle of all Adobe Technology Policies and Standards. Ensure Policies and Standards are aligned to a centralized governing strategy that includes key input from Security Architecture, Adobe Common Controls Framework (CCF), Cyber Operations, and Product Security. Manage the timely renewal efforts of all Technology Policies and Standards ensuring all regulatory and audit requirements for renewal are met. Head the Policy Operating Committee and provide routine status reports to the Policy Steering Committee. Lead Policy and Standard content creation through clear, concise, and measurable standards. Lead efforts to transform Policies and Standards into metrics that can be measured to determine enforcement level, noted exceptions, and potential risk areas. Collaborate with data owners and metric teams to develop monitoring metrics for the Governance program. Manage and provide oversight of the Security Exceptions process. Find opportunities for the Governance program to raise potential risks and become a proactive input into the risk management function. What You Need To Succeed
Bachelor's or postgraduate degree in computer science, cyber security, information systems, information technology, or a related field with equivalent experience. 8+ years in information security with experience in security governance, strategy, and policy management. Industry Certifications such as CISSP, CISM, CGRC, CRISC, CompTIA SecurityX, and/or CISA. Deep technical expertise in a variety of environments (i.e., AWS, Azure, GCP, metal) and domain areas (e.g., Cloud Security, Identity and Access Management, Security Monitoring and Logging, Vulnerability Management). Build and maintain positive multi-functional business relationships Clear communication skills and an ability to adapt a message to audiences ranging from technology SMEs to product managers to executive leadership teams. Ability to solve problems and work through ambiguity and uncertainty. Attention to detail balanced with the ability to absorb large amounts of information and distill it down to the essentials. Must be able to communicate clearly and assertively while ensuring partners meet deadlines and complete the work. Familiarity with Industry and Regulatory frameworks (e.g., NIST, SOC2, FedRAMP, ISO, PCI, HIPAA, etc.) Technical writing experience a plus. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $106,300 -- $223,000 annually. Pay within this range varies by work location and may also depend on job-related knowledge, skills, and experience. Your recruiter can share more about the specific salary range for the job location during the hiring process. At Adobe, for sales roles starting salaries are expressed as total target compensation (TTC = base + commission), and short-term incentives are in the form of sales commission plans. Non-sales roles starting salaries are expressed as base salary and short-term incentives are in the form of the Annual Incentive Plan (AIP). In addition, certain roles may be eligible for long-term incentives in the form of a new hire equity award. Adobe will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances. If this role is open to hiring in Colorado, the application window will remain open until at least the date and time stated above in Pacific Time, in compliance with Colorado pay transparency regulations. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call (408) 536-3015.
The Adobe Security Risk & Governance team is seeking a hardworking security professional to be at the forefront of Adobe's security governance and policy strategy. This role is pivotal to ensure that cybersecurity practices are aligned with Adobe's business objectives, regulatory requirements, and industry standards, while also effectively managing and mitigating risks to information assets and technology infrastructure. You will have the opportunity to drive 1) strategic oversight and alignment across the Security organization and 2) technology policy development and enforcement across the Adobe enterprise. This is an opportunity to have a significant impact on Adobe's security posture. What You Will Do
Provide the strategic vision, and drive maturity of, the Security Governance and Policy program at Adobe Manage the end-to-end lifecycle of all Adobe Technology Policies and Standards. Ensure Policies and Standards are aligned to a centralized governing strategy that includes key input from Security Architecture, Adobe Common Controls Framework (CCF), Cyber Operations, and Product Security. Manage the timely renewal efforts of all Technology Policies and Standards ensuring all regulatory and audit requirements for renewal are met. Head the Policy Operating Committee and provide routine status reports to the Policy Steering Committee. Lead Policy and Standard content creation through clear, concise, and measurable standards. Lead efforts to transform Policies and Standards into metrics that can be measured to determine enforcement level, noted exceptions, and potential risk areas. Collaborate with data owners and metric teams to develop monitoring metrics for the Governance program. Manage and provide oversight of the Security Exceptions process. Find opportunities for the Governance program to raise potential risks and become a proactive input into the risk management function. What You Need To Succeed
Bachelor's or postgraduate degree in computer science, cyber security, information systems, information technology, or a related field with equivalent experience. 8+ years in information security with experience in security governance, strategy, and policy management. Industry Certifications such as CISSP, CISM, CGRC, CRISC, CompTIA SecurityX, and/or CISA. Deep technical expertise in a variety of environments (i.e., AWS, Azure, GCP, metal) and domain areas (e.g., Cloud Security, Identity and Access Management, Security Monitoring and Logging, Vulnerability Management). Build and maintain positive multi-functional business relationships Clear communication skills and an ability to adapt a message to audiences ranging from technology SMEs to product managers to executive leadership teams. Ability to solve problems and work through ambiguity and uncertainty. Attention to detail balanced with the ability to absorb large amounts of information and distill it down to the essentials. Must be able to communicate clearly and assertively while ensuring partners meet deadlines and complete the work. Familiarity with Industry and Regulatory frameworks (e.g., NIST, SOC2, FedRAMP, ISO, PCI, HIPAA, etc.) Technical writing experience a plus. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $106,300 -- $223,000 annually. Pay within this range varies by work location and may also depend on job-related knowledge, skills, and experience. Your recruiter can share more about the specific salary range for the job location during the hiring process. At Adobe, for sales roles starting salaries are expressed as total target compensation (TTC = base + commission), and short-term incentives are in the form of sales commission plans. Non-sales roles starting salaries are expressed as base salary and short-term incentives are in the form of the Annual Incentive Plan (AIP). In addition, certain roles may be eligible for long-term incentives in the form of a new hire equity award. Adobe will consider qualified applicants with arrest or conviction records for employment in accordance with state and local laws and "fair chance" ordinances. If this role is open to hiring in Colorado, the application window will remain open until at least the date and time stated above in Pacific Time, in compliance with Colorado pay transparency regulations. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call (408) 536-3015.