Costa Rica
21 days ago
Sr. Information Security Risk Specialist (GRC)
About Us

At SentinelOne, we’re redefining cybersecurity by pushing the limits of what’s possible—leveraging AI-powered, data-driven innovation to stay ahead of tomorrow’s threats.

From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We’re looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you’re excited about solving complex challenges in bold, innovative ways, we’d love to connect with you.

What are we looking for? 

We are looking for a highly motivated, collaborative, and experienced Sr. InfoSec Risk Specialist (GRC) with a security throughout mindset who can balance risk, business drivers, and timelines. Reporting to the Director of Governance, Risk & Compliance, this position will be responsible for understanding and supporting the design of SentinelOne's organizational, procedural and technological security controls within the context of the security frameworks applicable to SentinelOne. 

What will you do?

● Help in evaluating relevant global standards, compliance frameworks, and regulations to analyze existing controls; identify areas for improvement; and design control growth
● Participate in internal security and compliance program and track recurring controls, such as NIST CSF, SSAE 18, SOC 2, ISO 27001/27002, PCI-DSS, etc.
● Help configure, update, and manage the GRC platform
● Help with performing Security Risk assessments
● Help support internal/external audits and evidence collection
● Document new and update existing policies, procedures, standards, and resources
● Participate in the Security awareness program, train personnel on data security & privacy-related processes and responsibilities
● Participate in the information security pre-sales and post-sales support cycle
● Help review and respond to customer security questionnaires, RFPs/RFIs and external security and privacy inquiries
● Maintain and keep up-to-date pre-sales packet - knowledge base of all security-related questions and responses
● Work with the legal team to review and respond to information security requirements in customer MSAs/contracts/SOWs
● Participate in defining, collecting, and tracking various Security Metrics

What skills and knowledge should you bring?

● 3+ years of experience working in information security or compliance
● Working experience with ISO 27001, SSAE 16/18, SOC 2, PCI-DSS, GDPR, NIST and other applicable regulatory compliance frameworks
● Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness & training, BC/DRP, etc.
● Ability to balance risk, potential impact, resourcing, business drivers, and timelines
● Ability to work closely with cross-functional stakeholders
● Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers
● Experience working with both technical and non-technical teams
● Ability and desire to understand the intent of requirements and provide effective recommendations
● Ability to prioritize in a highly dynamic work environment

Preferred Qualifications:

● Bachelor’s degree in computer science, information technology, or information security
● Relevant certifications (e.g., ISO 27001 LA/LI, CISA, CISM, CISSP, CEH, CCSK, etc.)
● Ability to assess and pragmatically define scope and relevant controls
● Strong desire to learn and continuously develop and deepen technical skills

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles. 
