Director, Security Trust & Risk at Anaplan

New York City, United StatesFull-timeInformation Security & PrivacyPosted 17 days ago

About the Role

<div class="content-intro">At Anaplan, we are a team of innovators focused on optimizing business decision-making through our leading AI-infused scenario planning and analysis platform so our customers can outpace their competition and the market. What unites Anaplanners across teams and geographies is our collective commitment to our customers’ success and to our Winning Culture. Our customers rank among the who’s who in the Fortune 50. Coca-Cola, LinkedIn, Adobe, LVMH and Bayer are just a few of the 2,400+ global companies who rely on our best-in-class platform. Our Winning Culture is the engine that drives our teams of innovators. We champion diversity of thought and ideas, we behave like leaders regardless of title, we are committed to achieving ambitious goals, and we love celebrating our wins – big and small. Supported by operating principles of being strategy-led, <a href="https://www.anaplan.com/careers/">values</a>-based and disciplined in execution, you’ll be inspired, connected, developed and rewarded here. Everything that makes you unique is welcome; join us and let’s build what’s next - together!</div>Anaplan seeks a Director of Security Trust, and Risk to be located near our NYC office. Your Impact  <ul> <li>Develop and execute a modern strategy for governance, risk, and compliance that empowers the company’s growth strategy and ambitions.  </li> <li>Uplift our governance, risk management, and assurance activities through a pragmatic implementation of automation and AI capabilities, championing an “automation first” mindset throughout the organization.  </li> <li>Build an industry-leading and customer-centric Trust program that leads with transparency. Collaborate with Sales, Marketing, and other functions to strengthen the tools, processes, and documentation required to instill confidence in the world’s largest organizations.  </li> <li>Translate complex regulatory and customer requirements into comprehensive, practical controls that improve the security and resiliency of our platform.  </li> <li>Sustain a best-in-class security and compliance posture with regard to key regulatory frameworks, customer requirements, and emerging threat actor tactics. Work closely with GTM to identify and pursue additional security certifications to reinforce Anaplan’s strong security posture and unlock revenue opportunities.  </li> <li>Use quantitative risk frameworks to pragmatically implement a continuous risk management program that integrates tightly with product development and engineering processes. </li> <li>Partner with engineering and product teams to track risk remediation with transparency and accountability. </li> <li>Lead external audits with a focus on simplicity, efficiency, and reuse of evidence. </li> <li>Work closely with Legal and Sales to review customer contract terms and requirements, ensuring Anaplan can deliver on its commitments in a scalable and cost-effective manner.  </li> <li>Drive ongoing security awareness training and instill a security-conscious mindset throughout Anaplan. </li> <li>Own our third-party risk management (TPRM) program, collaborating with Legal, Privacy, and Procurement to minimize supply chain risk. </li> </ul> Your Qualifications  <ul> <li>Hands-on experience at an enterprise software/SaaS business operating security trust and compliance programs that map to industry frameworks such as: SSAE18 (SOC1 and SOC2), ISO 27001, SOX 404 ITGCs, NIST CSF, 800-53, FedRAMP, & HITRUST.</li> <li>Hands-on experience translating framework requirements into practical and testable control objectives. </li> <li>Hands-on experience operating technology risk management programs, and applying quantitative risk analysis techniques (FAIR) and structured qualitative risk modeling. </li> <li>Strong understanding of modern public cloud and SaaS-based infrastructure, along with assurance automation and evidence collection using cloud APIs.  </li> <li>Enterprise customer-facing security and trust assurance experience, including stakeholder management. </li> <li>Auditing experience through scoping, evidence collection, testing, and remediation. </li> <li>Direct experience building and deploying control automations. </li> <li>Working knowledge of modern web application architecture, build and release methodologies, incident response, authentication strategies, data encryption, vulnerability management, third-party risk management, and security training. </li> </ul><div class="content-pay-transparency"><div class="pay-input"><div class="title">Base Salary Range:</div><div class="pay-range">$257,000—$348,000 USD</div></div></div><div class="content-conclusion">Our Commitment to Diversity, Equity, Inclusion and Belonging (DEIB) We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce, enhances trust with our partners and customers, and drives business success. Build your career in a place where diversity, equity, inclusion and belonging aren’t just words on paper – this is what drives our innovation, it’s how we connect, and it contributes to what makes us a market leader. We believe in a hiring and working environment where all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your authentic self to work every day!  We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.   Fraud Recruitment Disclaimer   It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails and correspondence, claiming they are representatives of Anaplan. The main purpose of these correspondences and announcements is to obtain privileged information from individuals.   Anaplan does not:   <ul> <li>Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person.   </li> <li>Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible and then followed up via written communication.  </li> </ul> All emails from Anaplan would come from an @anaplan.com email address. Should you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to [email protected] before taking any further action in relation to the correspondence.     </div>

About the Role

Related Roles