Cohesity is the leader in AI-powered data security. Over 13,600 enterprise customers, including over 85 of the Fortune 100 and nearly 70% of the Global 500, rely on Cohesity to strengthen their resilience while providing Gen AI insights into their vast amounts of data. Formed from the combination of Cohesity with Veritas’ enterprise data protection business, the company’s solutions secure and protect data on-premises, in the cloud, and at the edge. Backed by NVIDIA, IBM, HPE, Cisco, AWS, Google Cloud, and others, Cohesity is headquartered in Santa Clara, CA, with offices around the globe.

We’ve been named a Leader by multiple analyst firms and have been globally recognized for Innovation, Product Strength, and Simplicity in Design , and our culture.

Want to join the leader in AI-powered data security?

We are looking for a detail-oriented and collaborative Security Governance Lead to head up the development and execution of Cohesity’s security governance initiatives. This role is ideal for someone with strong experience in cybersecurity, security governance, compliance, and policy management. The successful candidate will manage our Common Controls Framework, cyber security policies, partner in risk and compliance assessments, and support key governance processes across the organization.

Key Responsibilities

Own the maintenance and accuracy of the Cohesity Common Controls Framework.
Lead the development, maintenance, and communication of information security policies, standards, and procedures in line with industry best practices (e.g., NIST, ISO 27001).
Lead security governance activities including cyber policy lifecycle management, control mapping, and framework alignment.
Support internal and external audits by partnering with cyber-Compliance team.
Partner with stakeholders to maintain documentation and dashboards for compliance with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, SOX, GDPR).
Track security metrics against KPIs to measure program effectiveness and support continuous improvement.
Collaborate with teams across Security, IT, Legal, Engineering, etc. to ensure alignment on security governance objectives.
Drive technology innovation in the Security Governance function to enable accurate real time monitoring and ensuring the program can scale with the growing company.

Required Qualifications

8+ years of experience in cybersecurity, IT governance, GRC, or related roles.
Foundational knowledge of security frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
Strong organizational and communication skills, with the ability to engage cross-functional stakeholders.
Understanding of risk and compliance principles as they relate to enterprise cybersecurity programs.
Bachelor's degree or equivalent experience in Cybersecurity, Information Security, Risk Management, audit or a related field.
Experience writing, maintaining, and implementing security policies, procedures, and standards.

Preferred Qualifications and Experience

Familiarity with audit processes and compliance requirements (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
Experience with third-party risk management programs or vendor security assessments.
Exposure to risk or control assessments and control testing.
Industry certifications such as Security+, ISO 27001 Lead Implementer, or similar are desirable.
Knowledge of security governance in cloud-first, SaaS, or DevOps environments.

Role Attraction

This is a great opportunity for a rising security professional to take ownership of cyber security governance at a fast-growing, security-conscious tech company. You’ll gain experience across key areas of security governance while working alongside a skilled and collaborative cybersecurity team. This work will directly impact the continued success of Cohesity.

#LI-MS2

_Data Privacy Notice for Job Candidates:

For information on personal data processing, please see our_ Privacy Policy.

_Equal Employment Opportunity Employer (EEOE)

Cohesity is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law.

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at 1-855-9COHESITY or_ [email protected] for assistance.

_In-Office Expectations

Cohesity employees who are within a reasonable commute (e.g. within a forty-five (45) minute average travel time) work out of our core offices 2-3 days a week of their choosing._

Interested candidates based outside of the designated areas are welcome to apply, provided they have the right to work in the job location.

Security Governance Lead

Key Responsibilities

Own the maintenance and accuracy of the Cohesity Common Controls Framework.

Lead the development, maintenance, and communication of information security policies, standards, and procedures in line with industry best practices (e.g., NIST, ISO 27001).

Lead security governance activities including cyber policy lifecycle management, control mapping, and framework alignment.

Support internal and external audits by partnering with cyber-Compliance team.

Track security metrics against KPIs to measure program effectiveness and support continuous improvement.

Collaborate with teams across Security, IT, Legal, Engineering, etc. to ensure alignment on security governance objectives.

Drive technology innovation in the Security Governance function to enable accurate real time monitoring and ensuring the program can scale with the growing company.

Required Qualifications

Foundational knowledge of security frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).

Strong organizational and communication skills, with the ability to engage cross-functional stakeholders.

Understanding of risk and compliance principles as they relate to enterprise cybersecurity programs.

Experience writing, maintaining, and implementing security policies, procedures, and standards.

Preferred Qualifications and Experience

Experience with third-party risk management programs or vendor security assessments.

Exposure to risk or control assessments and control testing.

Industry certifications such as Security+, ISO 27001 Lead Implementer, or similar are desirable.

Knowledge of security governance in cloud-first, SaaS, or DevOps environments.

Role Attraction

Job Details

Tools & Tech

Security Governance Lead

Key Responsibilities

Own the maintenance and accuracy of the Cohesity Common Controls Framework.

Lead the development, maintenance, and communication of information security policies, standards, and procedures in line with industry best practices (e.g., NIST, ISO 27001).

Lead security governance activities including cyber policy lifecycle management, control mapping, and framework alignment.

Support internal and external audits by partnering with cyber-Compliance team.

Partner with stakeholders to maintain documentation and dashboards for compliance with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, SOX, GDPR).

Track security metrics against KPIs to measure program effectiveness and support continuous improvement.

Collaborate with teams across Security, IT, Legal, Engineering, etc. to ensure alignment on security governance objectives.

Drive technology innovation in the Security Governance function to enable accurate real time monitoring and ensuring the program can scale with the growing company.

Required Qualifications

8+ years of experience in cybersecurity, IT governance, GRC, or related roles.

Foundational knowledge of security frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).

Strong organizational and communication skills, with the ability to engage cross-functional stakeholders.

Understanding of risk and compliance principles as they relate to enterprise cybersecurity programs.

Bachelor's degree or equivalent experience in Cybersecurity, Information Security, Risk Management, audit or a related field.

Experience writing, maintaining, and implementing security policies, procedures, and standards.

Preferred Qualifications and Experience

Familiarity with audit processes and compliance requirements (e.g., SOC 2, ISO 27001, GDPR, HIPAA).

Experience with third-party risk management programs or vendor security assessments.

Exposure to risk or control assessments and control testing.

Industry certifications such as Security+, ISO 27001 Lead Implementer, or similar are desirable.

Knowledge of security governance in cloud-first, SaaS, or DevOps environments.

Role Attraction

Job Details

Tools & Tech