Postman is the world's leading API platform.
software • APIs • API development • SaaS • API Management
June 27
🏢 In-office - San Francisco
• Conduct comprehensive risk assessments to identify information security risks, potential threats, and vulnerabilities resulting from business operations.
• Conduct Field Security Analytics.
• Develop and implement risk management strategies and frameworks to mitigate identified risks.
• Continuously monitor and evaluate the effectiveness of risk mitigation measures.
• Collaborate with IT, legal, compliance, and other departments to ensure cohesive and comprehensive risk management practices.
• Communicate risk findings, mitigation strategies, and security requirements to stakeholders, including senior management.
• Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management.
• Regularly review and update Postman's policy and procedural documentation to reflect current industry best practices and compliance standards, ensuring the Security Assurance team's activities are aligned with organizational goals.
• Take an active role and work in concert with IT Procurement and Legal in the design, management, and maturation of Third-Party Risk Management and vendor management.
• Contribute to significant compliance projects to integrate and uphold standards such as ISO 27001/27701, HIPAA, NIST, FedRAMP, GDPR, CCPA, and SOC 2, ensuring Postman's alignment with regulatory and contractual obligations.
• Foster collaboration with business leaders and technical teams to identify, evaluate, and manage security risks and controls, recommending strategies for mitigation and improvement to support Postman's growth and sales enablement.
• Serve as a mentor and key point of escalation within the team, providing expert guidance, resolving complex issues, and promoting a culture of security awareness and risk management across the organization.
• Leverage extensive technical knowledge and communication skills to effectively interact with engineers and technologists, providing clear guidance and recommendations on security and compliance best practices.
• Demonstrate a process-oriented, results-driven approach to compliance engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor within Postman.
• Minimum of ten years of experience in cybersecurity governance, risk management, and compliance.
• Relevant certifications such as CRISC, CISSP, CISM, or CISA are a plus.
• Knowledge and experience with risk management frameworks, including NIST RMF, FAIR, and ISO.
• Experience with GRC programs, including ISO 27001, HIPAA, and FedRAMP, preferably in a Cloud/SaaS environment.
• Proficient in technical knowledge related to management information systems, audits, and internal controls.
• Self-motivated and organized, with a proven ability to meet deadlines.
• Excellent interpersonal skills and the ability to build relationships across departments and cultures.
• Full medical coverage
• Flexible PTO
• Wellness reimbursement
• Monthly lunch stipend