Senior Manager Risk Management and 3rd Party Trust

Security and Risk Management San Jose, California

Join us as we pursue our disruptive new vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey!


Splunk is the leader in big data, machine learning analytics with a significant presence in the cyber security market. This position provides leadership to the Cyber Risk Management and Third Party Trust functions. Risk management is a core function of Splunk’s Cyber Security team and this role is responsible for identifying and assessing Splunk’s cyber risk, communicating risk to the Risk Owners and supporting them as they decide how to address the risk they own. Business areas supported include Splunk’s Cloud product, IT operations and corporate functions. In addition to handling internal cyber risk this role also provides Leadership to handling third party risk including vendor risk management and customer security due diligence. The success of the risk program is realized by how effective the organization enables risk owners to handle their risk.

This Leadership position partners closely with Product Security, Physical Security and Corporate Risk functions representing cyber risk as a part of an integrated corporate risk program. This includes representing cyber risk across Splunk business units, defining and executing corporate level governance of risk and managing & representing residual cyber risk to Splunk Executive Staff. Two Senior Managers will report into this role.


  • You will provide advice to business & technology users on (1) understanding of relevant Technology Risk policies and standards and (2) principles of security & controls as defined by Splunk’s Technology Risk and Control Framework, and (3) adoption of secure and resilient solutions
  • You will perform risk assessments to identify gaps in compliance to information security (application and infrastructure) & BCP standards and policies, for both internal technology solutions as well as solutions provided by third-party service providers, ensuring critical and high priority issues are identified and resolved
  • You will develop and maintain risk identification functions including, but not limited to, formal risk assessments, vendor risk assessments, findings from compliance assessments, and policy exceptions
  • You will participate in global, regional and local Technology Risk initiatives aimed at improving our baseline on information protection, resiliency and controls of technology processes and services
  • You will provide clear and concise verbal and written recommendations and guidance to both business and technology staff on matters of Cyber Risk Management
  • You will enable Risk Owners to make informed decisions about handling to a risk target including understanding of the findings that they need to address, options for risk treatment plans and current levels of residual risk
  • You will support the Sales organization in responding to customer security inquires
  • You will support business partners in making informed risk based decisions when selecting 3rd party partners


  • You have the ability to assess problems and challenges from multiple perspectives, assess the feasibility of the approach and decide on course of action
  • You are able to align business partners to a point of view building commitment to the outcomes, goals, objectives
  • You can translate business strategy into goals / objectives that drive the scope of a program and engage Sr Leaders to take ownership of their team’s contributions
  • You have the ability to communicate data, facts, and outcomes of analysis that inform business strategy, operations and execution
  • You understand how risk impacts business operations, revenue, brand equity, and customer confidence

If you have:

  • 10 or more years of technology experience in one or more of the following areas: Information Security, Technology Governance, Operational Risk, Technology Audit, Technology Infrastructure or Application Development.
  • Direct experience in Information Security, Technology Controls or Technology Risk Management fields.
  • Understanding of the technology implications of additional global and regional regulations is also beneficial.
  • Working understanding of Risk Analysis and Risk Management methodologies
  • Good program and project management skills and technology expertise
  • Ability to work effectively as part of the regional and global Technology Risk team, serving a large diverse Technology community
  • Infrastructure security knowledge in Windows Server, Desktop OS and applications, Unix/Linux OS, Storage, Networking hardware and protocols, Market Data, Databases and Exchange Connectivity, Remote Access, Firewall and IDS/IPS technology, Voice and Audio Visual platforms, and experience in configuration and vulnerability management an advantage
  • Understanding of the business functions and the Technology role in a product and cloud provider environment a significant advantage
  • Strong analytical & communication skills
  • Ability to handle both time and workload of multiple tasks without constant supervision as part of a distributed team
  • Demonstrated consistent ability to lead cross-functional teams that deliver solutions while mitigating or removing hurdles / obstacles
  • BS/ BA, MS/ MA degree or equivalent work experience
  • Eligible to work in the United States without company sponsorship

We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For job positions in San Francisco, CA, and other locations where required, we will consider for employment qualified applicants with arrest and conviction records.

Thank you for your interest in Splunk!