Sonar - Information Security Risk Manager
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Responsibilities
• The primary goal of the Information Security team is to build trust with our rapidly growing customer base by ensuring the Sonar organization meets a high level of security to protect our customers. As a member of the Information Security team, you will be based in Sonar’s Austin office leading specific domains of our security risk management program. You will also support security incidents from time to time as needed. Your positive contributions will significantly impact the growth of the business through Sonar’s “collective intelligence” mindset. • Strategic Risk Intake & Governance: Own and evolve the security intake process end-to-end, utilizing advanced AI prompting to categorize, prioritize, and route complex security requests based on organizational risk tolerance. Set the technical standards and process frameworks that define how risk intake operates across the domain. • End-to-End Remediation Management: Partner with Engineering, Business, and Technology leaders to drive the mitigation of security findings. You will support ambiguous risk problems — from identification and quantification to final verification of controls — driving them to resolution and ensuring outcomes align with strategic goals. • Advanced AI Prompt Engineering: Develop and refine complex prompts and automated workflows using LLMs to streamline risk assessments, automate compliance reporting, and generate high-fidelity security metrics. Establish best practices and reusable patterns that elevate the AI capabilities of the broader team. • Framework & Compliance Oversight: Manage and maintain security risk and control frameworks (e.g., NIST, ISO 27001, SOC2). Ensure all security initiatives are aligned with cross-domain compliance requirements and proactively drive process improvements that strengthen the organization's compliance posture. • Security Initiative Leadership: Act as the primary project lead for assigned security initiatives, ensuring they are delivered on time, within scope, and aligned with the broader InfoSec roadmap. Take part in critical, high-impact technical and strategic decisions, proactively influencing cross-functional teams to achieve ambitious objectives. • Customer Interaction: Manage and participate in a clear process to provide clear security answers to our customers and internal users. This includes information on our Trust Center and also meeting with customers to provide required information. • Coaching & Cross-Functional Quality: Coach and mentor team members and cross-functional colleagues on complex problem-solving, risk management methodologies, and security best practices. Take ownership of broader cross-functional execution and quality standards to raise the bar across the InfoSec program. • We Value Diversity, Equity, and Inclusion:
Benefits
• At Sonar, we’re a group of brilliant, motivated, and driven professionals working hard to help supercharge developers to build better, faster. Sonar helps to continuously improve code quality and code security while reducing developer toil. This means that developers can focus on doing more of what they love and less of what they don’t. Our solutions don’t just solve symptoms of problems – we help fix issues at the source – for all code, whether it's developer-written, AI-generated, or from third parties. • We have a dynamic culture with employees worldwide and hub offices in the USA, Switzerland, the UK, Singapore, and Germany. Team members should be able to come to work every day, work on a product they are proud of, love what they do, and feel energized by their peers. With our roots deep in the open source community, we’re all about the mission: supercharge developers to build better, faster. • We Value Diversity, Equity, and Inclusion:
No credit card. Takes 10 seconds.