Senior Information Security Risk Specialist
Prague, Czechia
Posted on Friday, June 21, 2024

About Us:

SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle.

We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people who will drive team success and collaboration across SentinelOne. If you're enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!

What are we looking for?

We are looking for a highly motivated, collaborative and experienced Sr. InfoSec Risk Specialist with a security focused mindset who can balance risk, business drivers and timelines. This position will be responsible for understanding and supporting the design of SentinelOne's organizational, procedural and technological security controls within the context of the security frameworks applicable to SentinelOne. In addition, you will be responsible for identifying and testing appropriate controls to ensure they are designed, implemented, and operating effectively to mitigate risk. The selected employee will help implement, automate, document and maintain controls while supporting and responding to inquiries from internal and external stakeholders. This individual must be self-directed and be able to work independently and collaboratively.

What will you do?

  • Support the planning and performance of IT risk-based security audits and projects, risk assessments, execution of fieldwork and communication to stakeholders.
  • Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth.
  • Collaborate with process and control owners through the audit lifecycle for process documentation updates, testing coordination, remediation of identified deficiencies and advising on internal control enhancements or process changes, as appropriate.
  • Proactively manage audit findings, tracking and documentation of status updates obtained via action owners, and timely execution of remediation activities.
  • Participate in the internal security and compliance program and track recurring controls, such as ISO 27001/27002, 27701, 27018, SSAE 18 SOC 2.
  • Provide control consultative support to the business to assist in redesign efforts to improve the control environment and identify opportunities for control improvements with the objective of mitigating risk and improving compliance and operational performance.
  • Help support internal/external audits and evidence collection via a GRC tool.
  • Document new and update existing policies, procedures, standards and resources.
  • Help support customer security reviews, RFPs and external security and privacy inquiries.
  • Participate in defining, collecting and tracking various Security Metrics.

What skills and knowledge are required?

  • 5+ years of experience working in information security, risk or compliance
  • Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness & training, BC/DRP, etc.
  • Ability to perform internal audits with minimal direct supervision, exhibit professional audit judgment and have experience in a broad range of audit projects such as ISO 27001/27002, 27701, 27018, SSAE 16/18 SOC 2, ISO 27001/2, NIST
  • Strong risk management experience, performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk.
  • Strong project management skills and ability to manage a variety of projects simultaneously to completion within the agreed timelines.
  • Excellent collaboration and interpersonal skills. Must be able to communicate with all levels in the organization.
  • Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers
  • Experience working with both technical and non-technical teams
  • Ability and desire to understand the intent of requirements and provide effective recommendations
  • Ability to prioritize in a highly dynamic work environment

Preferred Qualifications:

  • Advanced degree in computer science, Information Technology, Information Security or related field
  • Experience with, and strong understanding of common Security Compliance frameworks, controls, and best practices such as ISO 27001/27002, 27701, 27018, COSO, SOC 2, SOX ITGC, GDPR, PCI, NIST and other applicable regulatory compliance frameworks
  • Relevant certifications (ISO 27001 LA/LI, CISA, CISM, CISSP, CRISC, etc.)
  • Ability to assess and pragmatically define scope and relevant controls
  • Strong desire to learn and continuously develop and deepen technical skills

Why us?

You will work on real-world problems and make an impact by protecting our customers from cyber threats. You will be joining a cutting-edge project and will be able to influence the architecture, design, and structure of our core platform. You will tackle extraordinary challenges and work with the very BEST in the industry.

On top of that we offer you

  • Flexible working hours. In Prague and the surrounding area we work in a hybrid model with offices in Karlin (brand new Missouri Park); the rest of CZ or SK works remotely, with optional Brno offices (Clubco Vlněna) for those who like to meet
  • Generous employee stock plan in the form of RSUs (restricted stock units), not options; 4 years vesting with a 1-year cliff and then quarterly
  • Yearly bonus depending on the performance of the company, paid out in 2 installments
  • Flexible Time Off (on top of the standard 5 weeks of vacation)
  • Flexible Paid Sick Days
  • Fully Paid Short Term Sick/Short Term Nursing Leave
  • Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) & Grandparent Leave
  • Volunteering paid day off & Additional paid Company holidays off (e.g. 4 days in 2022)
  • Pension insurance contribution
  • Premium Life Insurance covered by S1
  • Monthly Meal & Wellbeing Allowance
  • Private medical care membership
  • High-end MacBook or Windows laptop, Home-office-setup gear & on top of that additional WFH Allowance
  • Udemy Business platform for Hard/Soft skills Training, internal mentoring 'MentorOne' & Support for your further educational activities/trainings
  • Above-standard referral bonus
  • On top of RSUs, you can benefit also from our attractive ESPP (employee stock purchase plan)
  • Refreshments and snacks at the offices
  • Optional company events for those who like to meet outside of work too (sport, BBQ, charity etc.)
  • DEI&B programs that promote employee resource groups like SentinelWIN (Women Inclusion Network), Blk@S1, Latinos@S1, Pan-Asian@S1, Out@S1 (LGBTQIA+) and Sentinels Who Served

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles.