Manager, Operational Risk

Remote UK

Contrast Security logo

Contrast Security

Unify security and development teams with one DevSecOps platform across the entire SDLC that increases accuracy, improves developer productivity, and scales for comprehensive software coverage.

View all employer listings

Find more jobs like this

Contrast Security named to Inc.'s “Best Workplaces of 2020”
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
About The Position Reporting to the VP, Operational Risk, the Manager, Operational Risk will coordinate the overarching compliance program for the company. Emphasis will be on managing and coordinating the various functions under the Operational Risk purview such as company Policy, Vendor Governance and coordination between members of the Operational Risk team and the business. The individual will also be the primary point of contact for the company’s Risk/Vendor Assessments/RFPs in partnership with the Legal and the Security teams, working closely with our colleagues in Sales and Customer Success. This position is not location-specific but preference will be given to candidates in the US and the UK.


  • Ownership of Risk and Vendor Assessments and RFPs with existing and potential customers
  • Ownership of the company’s annual Risk Assessment and Business Impact Analysis
  • Ownership of the Policy and Procedure framework and coordination with internal business and policy owners related to policy modification, implementation of new policy, etc.
  • Partner with the other members of the Operational Risk team to ensure coordination of effort and deliverables against goals
  • Along with the Manager of GRC and the Data Privacy Manager, capture and analyze information to identify key risks and corresponding controls
  • Ownership of the Vendor Governance program; Initial partnership with Finance and Legal & Contracts via Procurement including Vendor Assessments and SOC/ISO report reviews, setting cadence for User Access Reviews, re-assessments, etc.
  • Effectively communicate opportunities for enhancement as well as risk to management in a detailed and organized format/process
  • Coordinate the Operational Risk training (new hire, annual – both employees and contractors – in partnership with Privacy, Information Security, IT, etc.)


  • At least 5 years of experience in Contracts, Risk Management, Compliance, Information Security, Compliance management, RFPs/Sales Desk and using GRC tools or automation for information gathering and reporting
  • Experience with supporting or leading the assessment and implementation of security controls in alignment with industry compliance and security standards and frameworks including one or more of the following: SOC 2 Type II, NIST, ISO 27001 and FedRAMP
  • Experience with compliance program tooling including Enterprise GRC management platforms, issue tracking solutions, cloud provider compliance services, Third Party Risk Management, etc.
  • Ability to provide technical guidance and leadership to professional personnel on matters concerning security governance
  • Strong communication skills. Ability to communicate complex information in a straightforward, pragmatic way to a variety of audiences, both verbally and in writing
  • Solid interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community
  • Strong analytical skills, enabling sound evaluation of security and privacy requirements and translating them to right-sized security and privacy controls
  • Understanding of right-sizing “to scale and maturity level” of organization

  • We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.

What We Offer

  • Competitive compensation
  • Medical, dental, vision benefits
  • 401(k)
  • Flexible paid time off
We are changing the world of software security. Do it with us.  We believe in what we do and are passionate about helping our customers secure their business.If you’re looking for a challenge and want to enjoy where you work, you’ll love Contrast Security.
Contrast Security is committed to a diverse and inclusive workplace. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations.
By submitting your application, you are providing Personal Information about yourself (cover letter, resume, email address, etc.) and hereby give your consent for Contrast Security, Inc. and/or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. If you are a resident of the European Economic Area or are applying for a position in the European Economic Area, Contrast’s Privacy Statement reflects our policies around compliance with the General Data Protection Regulation (“GDPR”) and your rights respective to GDPR as a California resident, you are entitled to certain rights under CCPA: The California Consumer Privacy Act of 2018 (“CCPA”) will go into effect on January 1, 2020. Under CCPA, businesses must be overtly transparent about the personal information they collect, use, and store on California residents. CCPA also gives employees, applicants, independent contractors, emergency contacts and dependents (“CA Employee”) new rights to privacy.* We could support remote work in most states except Colorado.
Recruitment Agencies: Although we value the services you provide, at this time we are not accepting resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.
Job region(s): Europe
Job stats:  5  0  0

Explore more Remote Work and WFH career opportunities