Security Governance Officer

Full time

Job Description

Why should I Apply:

At Sonar, we’re a group of brilliant, motivated, and driven professionals working hard to help organizations build responsible, secure, high-quality code quickly and systematically. We build solutions that don’t just solve symptoms of problems – we fix problems at the source – source code, to be specific.

We have a dynamic culture with employees worldwide and hub offices in the USA, Switzerland, the UK, Singapore, and Germany. We believe team members should have the opportunity to come to work every day, work on a product they are proud of, love what they do, and feel energized by their peers. With our roots deep in the open source community, we’re all about the mission: provide solutions that deliver Clean Code.

The impact you can have

We have a primary goal to ensure the security of our products and the security of our organization meet stringent standards to demonstrate to our rapidly growing customer base how seriously we take security. We have an exciting business agenda ahead and want to continue building customer trust by strengthening our security profile, ensuring a zero-trust architecture, and expanding our suite of independent certifications. Sonar has been ISO 27001 certified since 2022, and we are now pursuing SOC2 Type 2.To achieve this goal, we are seeking a talented security governance professional to join the Security Governance team. You will have extensive experience implementing security governance frameworks and managing audit processes. You will raise the bar for our security processes, procedures, and controls across our organization, ensuring they are designed and implemented to levels that will bring value to the organization and satisfy an independent audit. As part of a team-based organization, your contributions will impact the growth of our business via Sonar’s “collective intelligence” mindset.

 

On a daily basis, you will

  • Formalize the security controls objectives, testing framework, and measurements.
  • Perform the controls testing and identify improvement activities to ensure compliance with internal security policies and external regulations.
  • Liaise with all departments to assess the compliance gaps, determine the remediation actions to close them, and track and report progress.
  • Contribute to the implementation of the trust service principles required for SOC compliance and auditing of the systems and processes to obtain SOC2 reports.
  • Contribute to the continuous improvement of the ISO 27001 Information Security Management System.
  • Perform security risk assessments, perform in-depth analysis, design mitigating security controls, and document the gaps and actions.
  • Design, generate, or source metrics, providing status reports on gaps, exceptions, and risks through key indices.
  • Deliver information security awareness campaigns, training, and educational activities.
  • Contribute to decision-making processes to be aligned with business security objectives and risk tolerance.
  • Contribute to aligning information security with business goals.
  • Basis the learnings from internal and external assessments, measuring information security against internal policies and procedures to raise the bar of the overall information security program.
  • Contribute to the Business Continuity, Disaster Recovery, Vulnerability Management and Application Security processes.

 

The skills you will demonstrate

  • You have at least 5 years of Security Governance, managing security risk, implementing and testing controls.
  • You have experience implementing and maintaining compliance with ISO 27001 standards and/or the SOC trust principles.
  • You have experience managing internal and external audits through careful preparation and post-audit activities.
  • You have experience working with GRC tools or Trust Center equivalents.
  • You have experience addressing Information Security issues in a broad range of IT disciplines, infrastructures, and technologies.
  • You have experience with SaaS/Cloud technologies and on-premise software delivery.
  • You have experience working on cross-team projects across a global organization.
  • You have experience reporting and presenting operational activity and project progress.
  • You are a friendly, enthusiastic, and organized team player. You actively share your knowledge and give and receive feedback to improve the team and yourself.  
  • You are fluent in English, both written and spoken.
Why you will love it here:

Our culture and mission set us apart. We have a dynamic work culture that values respect and kindness – and embraces the right to fail (and get right back up again!). We believe that the best idea wins and everyone has a voice.
We believe that great people make a great company. We value people skills as much as technical skills and strive to keep things friendly and laid-back while still being passionate leaders in our domains. Our 550+ SonarSourcers from 33 different nationalities can relate!
We embrace work-life balance. It is important to maintain a healthy work-life balance. This is why we have a flexible work policy that includes remote and in-office hybrid work (minimum three days a week in the office - Monday/Tuesday/Thursday).
We have a growth mindset. We love to learn and believe that continuous education is critical to our success. In an ever-changing industry, new skills are a must, and we're happy to help our team acquire them.


We prioritize Diversity, Equity, and Inclusion:

At Sonar, we are a global workforce and recognize the value of different backgrounds, and global cultures.

We are committed to creating a diverse work environment and are proud to be an equal-opportunity employer. All qualified applicants will be considered for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

All offers of employment at Sonar are contingent upon the clear results of a comprehensive background check conducted prior to the start date.