Staff Security Risk and Compliance Program Manager (Business Resilience)

Job description

**Location:**
Remote, United States
**Employment Type:**
FullTime
**Location Type:**
Remote
**Department**
Engineering
**Compensation:**
$213.2K – $250.5K • Offers Equity
_At Confluent, we are committed to providing competitive pay and benefits that are in line with industry standards.

We analyze and carefully consider several factors when determining compensation, including work history, education, professional experience, and location.

The actual pay may vary depending on your skills, qualifications, experience, and work location.

In addition, Confluent offers a wide range of employee benefits.

To learn more about our benefits click_ here (https://confluentbenefits.com) _._
**Overview**
We’re not just building better tech.

We’re rewriting how data moves and what the world can do with it.

With Confluent, data doesn’t sit still.

Our platform puts information in motion, streaming in near real-time so companies can react faster, build smarter, and deliver experiences as dynamic as the world around them.
It takes a certain kind of person to join this team.

Those who ask hard questions, give honest feedback, and show up for each other.

No egos, no solo acts.

Just smart, curious humans pushing toward something bigger, together.
One Confluent.

One Team.

One Data Streaming Platform.
**About the Role:**
We are seeking a highly motivated and experienced **Staff Security Risk & Compliance Program Manager - Business Continuity & Resilience** to join our Trust & Security team.

This senior role is responsible for the overall design, development, maturity, and maintenance of Confluent enterprise-wide Business Continuity Management (BCM), Disaster Recovery (DR), and Organizational Resilience programs.

You will lead cross-functional efforts to ensure our critical business functions and supporting infrastructure can withstand and rapidly recover from significant disruptive events, aligning our resilience posture with regulatory requirements and business objectives.
**What You Will Do:**
**Strategy and Leadership:** Own the strategic direction and roadmap for the integrated Business Continuity, Disaster Recovery, and Resilience program across the enterprise.

Drive the evolution of the program maturity model.
**Business Impact Analysis (BIA) & Risk Assessment:** Lead the execution of comprehensive, regular **Business Impact Analysis (BIA)** sessions with business unit leaders to identify and document critical functions, interdependencies, Recovery Time Objectives (RTOs), and Recovery Point Objectives (RPOs).

Partner with Risk Management to integrate resilience findings into the corporate risk register.
**Plan Development & Maintenance:** Oversee the development, review, and continuous improvement of all BCM plans, including departmental plans, crisis management playbooks, communication strategies, and technology recovery plans (DR).

Ensure plans meet industry standards and regulatory expectations.
**Testing and Validation:** Design, coordinate, and lead complex, full-scale **resilience testing and validation exercises** (e.g., tabletop exercises, simulation drills, functional tests) across technology and business teams.

Develop clear objectives, conduct post-test analysis, and manage the remediation of identified gaps.
**Governance and Reporting:** Establish and maintain the program governance framework.

Develop key performance indicators (KPIs) and metrics to regularly report on the state of organizational resilience to executive leadership, the Board, and regulatory bodies.
**Integration with GRC:** Ensure the BCM program is tightly integrated with other GRC domains, particularly Third-Party Risk Management (TPRM), including vetting third-party resilience capabilities.
**Regulatory Compliance:** Stay current on relevant industry best practices (e.g., ISO 22301, NIST) and regulatory requirements (e.g., financial sector resilience rules) to ensure program compliance.
**What You Will Bring:**
+ **Experience** : 8+ years of experience in Business Continuity, Disaster Recovery, or Organizational Resilience roles, with at least 3 years managing an enterprise-level program in a tech company.
+ **Technical Skills** :
+ Experience in helping company achieve ISO 22301
+ Deep expertise in conducting and analyzing Business Impact Analyses (BIA) and developing detailed recovery strategies.
+ Proven ability to design and execute complex, cross-functional continuity and disaster recovery test scenarios.
+ Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management.
+ Strong security engineering fundamentals background in infrastructure security controls in GCP, AWS, Azure, and/or web application security
+ **Tooling and automation:** Experience with integrating BCM processes or findings into the GRC platform.
+ **Program Management Skills:**
+ Strong project management and organizational skills.
+ Exceptional analytical and problem-solving skills, with a data-driven approach to decision-making.
+ Experience in running long-term, complex security programs that deliver iterative improvements and risk reduction.
+ **Communication and Collaboration skills** :
+ Excellent written and verbal communication skills.

The ability to influence and lead without direct authority.

Detail-oriented with a strong analytical mindset.
+ Excellent ability to articulate complex technical concepts and program statuses to executive-level audiences and technical teams.
**Ready to build what's next?

Let’s get in motion.**
**Come As You Are**
Belonging isn’t a perk here.

It’s the baseline.

We work across time zones and backgrounds, knowing the best ideas come from different perspectives.

And we make space for everyone to lead, grow, and challenge what’s possible.
We’re proud to be an equal opportunity workplace.

Employment decisions are based on job-related criteria, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by law.

Required Skill Profession

Other General