Security Governance Officer - Sonar Geneva / Annecy / Bochum / Austin / Remote Bookmark Share Print 211 0 1

Listing Description

Sonar’s industry-leading solution enables developers and development teams to write clean code and remediate existing code organically, so they can focus on the work they love and maximize the value they generate for businesses. Its open source and commercial solutions – SonarLint, SonarCloud, and SonarQube – support 29 programming languages. Trusted by more than 300,000 organizations globally, Sonar is considered integral to delivering better software.

The Impact you can have
SonarSource has an objective to ensure the security of our products and the security of our organization meet stringent standards to demonstrate to our rapidly growing customer base how seriously we take security. SonarSource holds an organization-wide ISO 27001 certification and is considering other certifications and standards.
To achieve this goal, we are looking for a talented security professional to join the team. You have extensive experience implementing security frameworks and managing the pre-audit and audit processes. You will continually raise the bar for our security processes, procedures, and controls to ensure that, across our cloud platform, our software delivery pipelines and our operational activities, are designed and implemented to levels that will satisfy independent audits.

On a daily basis, you will
  • Perform risk assessments and perform in-depth analyses of mitigating controls documenting the risk and reporting on status, gaps, and risk through key indices.
  • Operate compliance monitoring and improvement activities to ensure compliance with internal security policies and external regulations.
  • Liaise with all departments to assess compliance gaps, determine actions required to close them and track progress.
  • Perform security risk assessments for vendor management
  • Continuously improve the governance program with new information, policies, and documentation.
  • Maintain and continuously improve the Business Continuity processes.
  • Provide responses to customer information security due diligence questionnaires.
  • Provide support for internal and external audits and penetration tests.
  • Support information security awareness, training, and educational activities
  • Support internal security processes (e.g. Vulnerability Management)

    • The skills you will demonstrate
  • You have experience implementing and maintaining compliance to ISO 27001 and/or SOC 2 standards, including managing internal and external audits.
  • You have extensive knowledge of all IT disciplines, IT service management and delivery.
  • You have experience addressing IS issues in a broad range of IT infrastructures and technologies across a range of business environments.
  • You have experience with SaaS/Cloud technologies and on-premise software delivery.
  • You have experience working on cross-team projects across a global organization.
  • You have experience of risk assessing vulnerabilities and penetration test findings
  • You have excellent organizational and planning skills.
  • You have experience reporting and presenting project progress.
  • You are a friendly, enthusiastic, and organized team player. You actively share your knowledge, and give and receive feedback, to improve the team and yourself.  
  • You are fluent in English, both written and spoken.
    • Why you will love it here

    Safe work culture - we value respect, kindness, and the right to fail.
    Flexible hours - we schedule our days in order to be effective at work, while also being able to enjoy life’s important moments.
    Great people - we value people skills as much as technical skills and strive to keep things friendly and laid back. Still, that does not prevent us to be passionate leaders in our domains. Our 300+ SonarSourcers from 33 different nationalities can relate!
    Work-life balance - keeping a healthy work-life balance is important. This is why we have a hybrid work policy and some people prefer working some days from home.
    Always keep learning - in an ever-changing industry, learning new skills is a must, and we're happy to help our team to acquire them.

    What we do

    Sonar was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open-source tool SonarQube, which is now the standard in code quality management with over 350,000 instances deployed today. Every day we are focused on solving developers’ next big problem.

    Who we are

    At Sonar we believe in people, excellence, and delivery. We’re a team of problem solvers and overachievers who seek out others who are also passionate and relentless in their respective missions. We want to work with people who are ready to fasten their seat belts and be part of an incredible ride. We work hard not because we’re told to, but because we genuinely love what we do and do what we love. If there’s one main message we want you to remember about us, it’s that we push others to be best in class at whatever they do: choose your battle, innovate, take risks, and lead change. Join us; we’ll be smarter and stronger together.

    If this sounds like you, apply now!

    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!