2

Remote Security Risk Assessment Jobs in California

Assess, prioritize, and communicate security risks across the business * Develop third-party risk management strategies and enterprise risk reporting programs * Policy & Governance * Manage the ...

Security Engineer

South San Francisco, CA ยท On-site +1

$194K - $268K/yr

... to reduce security risk * 4 years of experience with containerization and orchestration ... Full remote work permitted. Multiple Positions Available. Additional benefits for this role may ...

Security Engineer

South San Francisco, CA ยท On-site +1

$194K - $268K/yr

... to reduce security risk * 4 years of experience with containerization and orchestration ... Full remote work permitted. Multiple Positions Available. Additional benefits for this role may ...

Security Engineer

South San Francisco, CA ยท On-site +1

$194K - $268K/yr

... to reduce security risk * 4 years of experience with containerization and orchestration ... Full remote work permitted. Multiple Positions Available. Additional benefits for this role may ...

next page

Showing results 1-20

Remote Security Risk Assessment information

What are the key skills and qualifications needed to thrive as a Remote Security Risk Assessor, and why are they important?

To thrive as a Remote Security Risk Assessor, you need expertise in cybersecurity principles, risk analysis, and a relevant degree or certifications such as CISSP, CISM, or CRISC. Familiarity with tools like vulnerability scanners, security information and event management (SIEM) systems, and risk assessment frameworks (e.g., NIST, ISO 27001) is essential. Strong analytical thinking, communication skills, and attention to detail help in accurately identifying and communicating risks to stakeholders. These skills and qualities are vital to ensure organizations can proactively mitigate threats and maintain robust security postures in remote or distributed environments.

What is the difference between Remote Security Risk Assessment vs Cybersecurity Analyst?

AspectRemote Security Risk AssessmentCybersecurity Analyst
CredentialsCertifications like CISSP, CISA, CISMCertifications like CompTIA Security+, CISSP, CEH
Work EnvironmentRemote or on-site, focusing on risk evaluationRemote or on-site, focusing on security monitoring and incident response
Industry UsageUsed in risk management, compliance, and audit contextsUsed in security operations, threat analysis, and incident handling

Remote Security Risk Assessments and Cybersecurity Analysts both require security certifications and often work in similar environments. However, risk assessors focus on evaluating vulnerabilities and compliance, while analysts handle ongoing security monitoring and incident response. Understanding these differences helps organizations assign the right roles for their security needs.

What is a Remote Security Risk Assessment?

A Remote Security Risk Assessment is a process where security professionals evaluate an organization's security risks, vulnerabilities, and threats without being physically present on-site. This assessment is typically conducted through virtual meetings, digital questionnaires, and remote access to systems and documentation. The goal is to identify potential security gaps and recommend improvements to protect sensitive data and systems from cyber threats. Remote assessments have become increasingly popular due to their flexibility, cost-effectiveness, and ability to serve organizations regardless of location.

What are some common challenges faced by professionals in remote security risk assessment roles?

Professionals in remote security risk assessment often encounter challenges such as limited on-site visibility, reliance on digital communication, and the need to assess complex IT environments from afar. Effective collaboration with on-site staff and stakeholders is essential to gather accurate information and implement recommendations. Additionally, staying up-to-date with evolving cybersecurity threats and maintaining clear documentation are vital for success in this role.
What are the most commonly searched types of Security Risk Assessment jobs in California? The most popular types of Security Risk Assessment jobs in California are:
What are popular job titles related to Remote Security Risk Assessment jobs in California? For Remote Security Risk Assessment jobs in California, the most frequently searched job titles are:
What job categories do people searching Remote Security Risk Assessment jobs in California look for? The top searched job categories for Remote Security Risk Assessment jobs in California are:
What cities in California are hiring for Remote Security Risk Assessment jobs? Cities in California with the most Remote Security Risk Assessment job openings:
Governance Risk and Compliance

Governance Risk and Compliance

Figma

San Francisco, CA โ€ข On-site, Remote

Other

Posted 6 days ago


Job description

Figma's GRC team helps build and maintain trust with our users, regulators, business partners, and the organizations that rely on Figma every day. We partner across the company to strengthen security, manage risk, maintain compliance, and scale the programs that support our continued growth.

We're growing our team and looking for security, risk, and compliance professionals across several disciplines. Whether your expertise is in compliance, risk management, governance, GRC tooling, or customer trust, you'll have the opportunity to build programs, improve processes, and help shape how Figma scales security and trust.

Roles we hire for on this team:

  • Compliance Management
    • Lead compliance and certification programs across security and regulatory frameworks
    • Manage audit cycles, partner with external assessors, and drive audit readiness initiatives
    • Improve controls, processes, and evidence management practices across the organization
  • Security Risk Management
    • Build and maintain risk and controls frameworks that support Figma's security posture
    • Assess, prioritize, and communicate security risks across the business
    • Develop third-party risk management strategies and enterprise risk reporting programs
  • Policy & Governance
    • Manage the lifecycle of organizational security policies, standards, and procedures
    • Drive policy awareness and stakeholder engagement across the company
    • Ensure governance practices align with regulatory requirements and business objectives
  • GRC Platforms & Enablement
    • Select, implement, and optimize GRC platforms and supporting workflows
    • Scale evidence collection, reporting, and program management capabilities
    • Identify opportunities to automate and streamline GRC operations
  • Customer Trust
    • Support customer trust and business enablement activities across the sales lifecycle
    • Manage security knowledge bases, customer-facing documentation, and trust publications
    • Respond to customer security inquiries, audits, and questionnaires

This is a full time role that can be held from one of our US hubs or remotely in the United States.ย 

What you'll do at Figma:
  • Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2
  • Manage external audits and certification activities while partnering with auditors and assessors
  • Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications
  • Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders
  • Improve control effectiveness and operational efficiency through rationalization and process optimization
  • Implement and optimize GRC platforms that scale evidence collection and program management
  • Maintain security policies and governance processes that align with organizational risk objectives
  • Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications

We'd love to hear from you if you have:

  • 4+ years of experience in information security, compliance, risk management, or a related field
  • Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC
  • Experience leading or supporting audits and partnering with external assessors
  • Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives
  • Exceptional written and verbal communication skills across technical, business, and executive audiences
  • Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships

While it's not required, it's an added plus if you also have:

  • Operated in a public company environment with SOX ITGC requirements
  • Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities
  • Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC
  • Implemented or administered GRC platforms such as Vanta, Drata, or similar tools
  • Scaled security, compliance, or risk programs in a high-growth environment

At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you're excited about this role but your past experience doesn't align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.