Security Governance Lead
Posted 1 day 3 hours ago by Madrona Venture Labs
We are looking for a detail-oriented and collaborative Security Governance Lead to head up the development and execution of Cohesity's security governance initiatives. This role is ideal for someone with strong experience in cybersecurity, security governance, compliance, and policy management. The successful candidate will manage our Common Controls Framework, cyber security policies, partner in risk and compliance assessments, and support key governance processes across the organization.
Key Responsibilities- Own the maintenance and accuracy of the Cohesity Common Controls Framework.
- Lead the development, maintenance, and communication of information security policies, standards, and procedures in line with industry best practices (e.g., NIST, ISO 27001).
- Lead security governance activities including cyber policy lifecycle management, control mapping, and framework alignment.
- Support internal and external audits by partnering with cyber-Compliance team.
- Partner with stakeholders to maintain documentation and dashboards for compliance with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, SOX, GDPR).
- Track security metrics against KPIs to measure program effectiveness and support continuous improvement.
- Collaborate with teams across Security, IT, Legal, Engineering, etc. to ensure alignment on security governance objectives.
- Drive technology innovation in the Security Governance function to enable accurate real time monitoring and ensuring the program can scale with the growing company.
- 8+ years of experience in cybersecurity, IT governance, GRC, or related roles.
- Foundational knowledge of security frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
- Strong organizational and communication skills, with the ability to engage cross functional stakeholders.
- Understanding of risk and compliance principles as they relate to enterprise cybersecurity programs.
- Bachelor's degree or equivalent experience in Cybersecurity, Information Security, Risk Management, audit or a related field.
- Experience writing, maintaining, and implementing security policies, procedures, and standards.
- Familiarity with audit processes and compliance requirements (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
- Experience with third party risk management programs or vendor security assessments.
- Exposure to risk or control assessments and control testing.
- Industry certifications such as Security+, ISO 27001 Lead Implementer, or similar are desirable.
- Knowledge of security governance in cloud first, SaaS, or DevOps environments.
This is a great opportunity for a rising security professional to take ownership of cyber security governance at a fast growing, security conscious tech company. You'll gain experience across key areas of security governance while working alongside a skilled and collaborative cybersecurity team. This work will directly impact the continued success of Cohesity.
Data Privacy Notice for Job Candidates: For information on personal data processing, please see our Privacy Policy.
Equal Employment Opportunity Employer (EEOE). Cohesity is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at 1-855-9COHESITY or for assistance.
In Office Expectations: Cohesity employees who are within a reasonable commute (e.g. within a forty five (45) minute average travel time) work out of our core offices 2 3 days a week of their choosing.
Interested candidates based outside of the designated areas are welcome to apply, provided they have the right to work in the job location.