Senior Trust & Assurance Program Manager
Top focus
We’re not just building better tech. We’re rewriting how data moves and what the world can do with it. With Confluent, data doesn’t sit still. Our platform puts information in motion, streaming in near real-time so companies can react faster, build smarter, and deliver experiences as dynamic as the world around them.
It takes a certain kind of person to join this team. Those who ask hard questions, give honest feedback, and show up for each other. No egos, no solo acts. Just smart, curious humans pushing toward something bigger, together. One Confluent.
One Team. One Data Streaming Platform
About The Role
The Office of the CISO (OCISO) is part of Confluent’s Trust and Security organization and its mission is to earn and retain trust by championing Confluent’s security, privacy, resilience, and compliance positions, thereby accelerating customer adoption and use of our platform and products.
We are looking for an individual who will partner with Confluent's customers to ensure that we build the most trustworthy platform that meets security, compliance, and privacy requirements. Success in this role will be finding the best solution not only with the current technologies and practices we currently have on hand, but defining new opportunities for product development, customer engagement strategy, audit and access transparency, and field enablement.
While this role will engage with leadership frequently, we also expect the individual in this role to roll up their sleeves to get things done. The OCISO Trust Lead will “lead by influence”, and oversee and drive trust (security, privacy, resilience and compliance) related customer engagements and interactions.
The APAC OCISO Trust Lead will partner cross-functionally with Sales, Customer Solutions Group, Product, Engineering and Legal teams to provide assurance to customers on Confluent’s security and compliance posture, enable contract reviews and negotiations, and drive externally facing communications with customers.
This position is a remote-based position
What You Will Do
- Drive execution of customer trust engagements and interactions to provide context about Confluent's security and compliance posture and negotiate security terms when necessary Propose and partner with product, engineering
- security teams to design security and compliance solutions and frameworks to meet customer requirements Coach and mentor field and security staff on customer security needs and requirements Be a subject matter expert for the company around customer security assurance
- develop and demonstrate POVs on important existing and emerging regulatory positions impacting cloud service adoption Build and scale key internal capabilities and programs required to drive customer enablement interactions Maintain relations with internal teams such as Sales, CSG, Product, Engineering and Legal to drive and enable programs required to build trust with customers What You Will Bring: Bachelor’s degree required plus a minimum of 8 years’ experience in Information Security and Compliance Customer-facing experience at a cloud provider or consulting firm Experience at a cloud or SaaS provider or as a customer of a cloud or SaaS provider with complex & demanding security and compliance requirements Experience with a combination of the following: ISO 27001, HITRUST, SOC2, CSA, NIST, etc.
- Architectural familiarity across multiple security domains (e.g., identity and access management, data protection, network security, cloud infrastructure) with the ability to synthesize across domains and recommend practical solutions to complex customer security problems Proven experience independently managing customer trust and assurance engagements end-to-end — from initial scoping and security questionnaires through assessment completion and negotiation — with minimal supervision.
- Understanding of digital sovereignty requirements relevant to Cloud adoption What Gives You an Edge: Current Security CISSP, CIPP, CISA, CISM
- equivalent certification completed Excellent verbal and written communication, organizational
- planning skills Knowledge and understanding of GDPR, SOC2, ISO 27001, HIPAA, HITRUST, CSA, NIST, C5
- other regulatory security and privacy standards in APAC (such as OSPAR, IRAP) Experience with industry (Financial Services, Public Sector, etc.) specific regulatory requirements impacting cloud adoption such as GDPR
- other APAC security, privacy and compliance standards and regulations (e.g. from Financial Services regulators such as APRA, MAS, RBI, FSA, OJK, HKMA, etc.) Prior experience reviewing and negotiating security clauses within customer contracts a plus Demonstrated ability to assess the broader risk implications of customer security engagements
- to proactively structure work in a way that reduces risk exposure for both the customer and Confluent.
- Familiarity with emerging AI/ML security and governance considerations, including data pipeline security, model risk, and evolving regulatory expectations around AI in cloud environments.
- Ability to work and lead programs independently Experience working with distributed teams and other cross-functional stakeholders Ready to build what's next?
- Come As You Are Belonging isn’t a perk here.
- We work across time zones and backgrounds, knowing the best ideas come from different perspectives.
- And we make space for everyone to lead, grow, and challenge what’s possible.
- We’re proud to be an equal opportunity workplace.
- Employment decisions are based on job-related criteria, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status
- any other classification protected by law.
- Privacy Statement Confluent is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organization.
- By proceeding with this application, you understand that Confluent will share your personal information with other IBM affiliates involved in your recruitment process, wherever these are located.
- More Information on how IBM protects your personal information, including the safeguards in case of cross-border data transfer, are available here .