The Security Policy, Risk and Compliance Manager will be someone that has a passion for leading a team which evaluates Information Security risk to inform pragmatic policy, standards, and guidelines. This person will also be responsible for helping to design and iterate on security controls to address these risks in a way that helps empower and maintain Facebook's culture of rapid innovation.
In this role, you will stay informed about the dynamic regulatory landscape, industry trends and internal operations, and will communicate and drive delivery of innovative solutions for compliance at scale. This position requires a mix of broad business and technical acumen with strong people-management skills, the ability to inspire and influence decisions around security risk management, and a polished ability to communicate with key executives, external regulators, and the public.
SECURITY POLICY, RISK AND COMPLIANCE MANAGER RESPONSIBILITIES
Support the team to develop and communicate policies, procedures, guidelines, and plans to internal stakeholders regarding security and risk management.
Create robust, scalable programs to deliver policy and compliance objectives in product areas and general technical infrastructure.
Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks.
Find practical solutions to standardize and scale across Facebook.
Provide robust assurance of the operational effectiveness of our compliance controls.
Define metrics to track program progress and maturity for various stakeholders.
Improve controls for internal systems, processes, and policies.
Collaborate with internal teams and external auditors throughout compliance assessments.
Understand technical implementation details necessary to assess general and situational Information Security risk.
Responsible for the development and oversight of required mitigation plans relating to information security risk and policy exceptions.
Experience in Information Security policy development and risk management at tech companies.
Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
Demonstrated leadership experience working and communicating at executive levels.
Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences.
Conceptual, critical thinking, and sound judgment with strategic orientation and experience performing tactically.
Experience providing technical knowledge appropriate to delivery of security protections.
Experience in technical concepts similar to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
Excellent project management skills.
Eagerness to learn new things and discover emerging and new data trends.
Great attention to detail with excellent leadership and problem-solving skills.
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together.
Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities we're just getting started.
Facebook is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at email@example.com.