The Team
Security Compliance is seen as a critical business function at Cloudflare. Compliance certifications allow our customers to be confident in the security and privacy of our products, while also providing frameworks for well-tuned information security management systems and programs. These standards provide clarity to Cloudflare’s teams on how to incorporate security principles in the management of systems, the development of products, and the expansion of our business footprint. The Security Compliance team also works with the Legal team to implement Cloudflare’s security regulatory obligations, including working closely with cybersecurity regulators around the world.
This is an opportunity to join a rapidly scaling and world class security organization within a billion dollar business. You will join as a member of the Security and Privacy Validations Team. This team is part of GRC and is part of the greater Security Team.
We guarantee that you will be challenged and have room for growth on our team!
What you'll do
- Work cross-functionally with Legal, Public Policy, and the broader Security team to build and mature Cloudflare’s Security Regulatory Compliance program in the APJC region
- Implement security and privacy compliance requirements across the organization to meet regulatory compliance standards
- Advise security teams on new and upcoming regulatory directives in security and privacy compliance.
- Assist in the development and maintenance of security and privacy compliance validations including:
- Conducting organizational gap assessments and provide technical guidance on remediation of the issues identified
- Maintaining and improving Cloudflare’s Common Control Framework to align with applicable regulations
- Provide input into the overall security and privacy compliance strategy
Examples of desirable skills, knowledge and experience
- At least 3 years working in Security Compliance, Privacy Compliance, regulatory compliance, or a similar field
- Ability to analyze security and privacy directives or regulations across countries and industries
- Working understanding of cybersecurity and privacy regulations (e.g. Australia’s Security of Critical Infrastructure and Privacy Acts; Japan’s Act on the Protection of Personal Information and andBasic Act on Cybersecurity; South Korea’s Personal Information Protection and Network Acts; Singapore’s Cybersecurity Act and Personal Data Protection Act)
- Experience with cloud security architectures and technologies
- Ability to work efficiently and independently in a fast-paced, innovative environment
- Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
- Ability to speak Korean is a plus
- Experience working with one or more security or privacy standards, frameworks, or certifications such as ISO 27001,NIST 800-53, ISMAP, IRAP is a plus
- Experience in auditing of network, operating system, and application security is a plus
- Some travel may be required to engage with regulators, auditors, or to engage with Cloudflare stakeholders in our San Francisco or other global Cloudflare locations
