Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.

The Data Security Governance team collaborates with cross-functional teams (Security, Counsel, Engineering, Industry Relations, and Product teams) to ensure Block products can launch anywhere in the world, while maintaining compliance with industry, partner, and regulatory information security standards, requirements, and obligations. As a Cybersecurity Risk Manager, you will drive the execution of Block’s Cybersecurity Risk Governance program which entails cybersecurity policy governance, risk management and controls validation.

You will report to the Cybersecurity Risk Governance Lead and collaborate with teams across Block as you contribute to the evolution of various governance programs across business units to enable Block to take principled risks. This is a second line of defense role focused on internal maintenance and validation of the infosec control environment.

You will:

• Drive the maintenance and continuous improvement of a common controls library across the ecosystem, linking controls to risks, regulatory compliance programs, and business requirements
• Champion maturity assessments and control validation for each BU and centrally for the foundational teams
• Partner with stakeholders to develop relevant security governance processes based on sound risk assessment exercises
• Support the adoption, evolution, and continuous improvement of a GRC
• Develop an approach to automate risk signal collection, enrichment, and translation from multiple disparate sources across centralized Block
• Collaborate with cross-functional 1st-line teams (engineering, product, others) to provide security risk analysis and consultation to integrate risk scenarios and treatment into the product lifecycle
• Setup process to automate control monitoring, testing, and notification of control effectiveness
• Work with stakeholders to manage the prioritization and execution of risk-reduction activities across Business Units
• Provide domain and subject matter expertise in partnership with engineering teams towards the creation of governance documentation 
• Improve and optimize existing risk assessment frameworks that monitor cybersecurity risks across all Business Units, using both quantitative and qualitative methodologies
• Lead risk assessments and control validation for multiple Business Units. Develop and prepare risk and control metrics, reports & executive dashboards
• Proactively work to balance the needs of the 1st-line business teams and the need for regulatory compliance
• Drive risk mitigation and control improvement actions identified from various security and risk management initiatives
• Support the maturation of various 2nd line of defense security functions
• Work with stakeholders to conduct in-depth research on in-house systems, services, and infrastructure in order to be provide accurate and objective risk management advisory
• Support the creation of governance documentation and technical specification based on internal policies, procedures, best practices, standards, and frameworks to support risk management, compliance, and audit efforts

You have:

• 8+ years of experience in developing, managing & supporting Cybersecurity Risk programs  for technology-focused companies 
• Experience in setting up and leading the implementation of information systems governance standards and frameworks
• Experienced in integrating cybersecurity risk management and control frameworks
• Familiarity with GRC solutions, tools, platforms and ERM processes
• Familiarity with using data visualization tools with the ability to develop risk and control charts, dashboards, and reports
• Familiarity with industry security, audit, and privacy standards, frameworks, and regulations (e.g., NIST RMF, ISO27001, PCI DSS, GDPR, COBIT, AICPA Trust Principles (SOC 2/3),  NIST CSF, CCPA, SCF)
• Relevant Industry certifications (e.g., MoR, CISSP, CRISC, CISA, CISM)

Block takes a market-based approach to pay, and pay may vary depending on your location. U.S. locations are categorized into one of four zones based on a cost of labor index for that geographic area. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.

Zone A: USD $202,500 - USD $247,500
Zone B: USD $192,400 - USD $235,200
Zone C: USD $182,300 - USD $222,800
Zone D: USD $172,200 - USD $210,400

US and Canada EEOC Statement

We’re working to build a more inclusive economy where our customers have equal access to opportunity, and we strive to live by these same values in building our workplace. Block is a proud equal opportunity employer. We work hard to evaluate all employees and job applicants consistently, without regard to race, color, religion, gender, national origin, age, disability, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. 

We believe in being fair, and are committed to an inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. Want to learn more about what we’re doing to build a workplace that is fair and square? Check out our I+D page.

Additionally, we consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.

Perks

We want you to be well and thrive. Our global benefits package includes:

• Healthcare coverage
• Retirement Plans
• Employee Stock Purchase Program
• Wellness perks
• Paid parental leave
• Paid time off
• Learning and Development resources

Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.