Security Risk Lead

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including GitHub, Yelp, Paramount, and JetBlue. We're building a more trustworthy Internet. Come join us.Security Risk Lead  Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including Vimeo, Pinterest, The New York Times, and GitHub. We're building a more trustworthy Internet. Come join us. Posting Open Date: May 4, 2026 Anticipated Posting Close Date*:  July 4, 2026 *Job posting may close early due to the volume of applicants. Security Risk Lead As the Security Risk Lead, you will be at the center of all things security risk-related. Your goal is to take complex security data and turn it into clear, actionable risk stories for Senior Leadership. You will help Fastly understand not just that risks exist, but influence leaders to understand why it matters and what needs to be prioritized versus dropped. You’ll diagnose problems at the source, working with stakeholders from Security, Engineering, Compliance, and the rest of the organization to redesign our internal systems and make our environment more secure. Fastly believes that security is everyone’s responsibility and you will empower all of Fastly to live up to that responsibility. You will right-size Fastly’s existing security policies and standards so they are as lean and high-performing as our technology. You will be supported by a friendly security team, where you can learn and develop. We check our egos at the door. You’ll make sure our customers benefit from a service built to the highest security standards in the industry. We pride ourselves in our involvement in the larger security community and encourage our team to present at network and security conferences and participate in the open source community. We are a distributed security team with the commitment and tools in place to make it work. What You’ll Do Lead targeted security risk assessments across the organization, proactively identifying gaps and risks which pose a threat to the safety and security  Analyze risk data to identify patterns of deficiencies and collaborate with Security Architects, Product Owners, Engineering, and Senior Leaders to propose new, or challenge existing, mitigation plans  Own and evolve the systems that track our risk decisions and mitigations; ensuring we have visibility into the greatest areas of concern, where we need to buy down more risk, and to keep our mitigation plans on track with the committed timelines  Oversee relevant Risk Committees to identify and discuss systemic and cross-functional security risks, influencing Senior Leaders across Fastly to commit to mitigation plans Design metrics and reporting to give Senior Leadership a pulse check on our security posture, highlighting exactly where we need to invest Maintain Fastly’s core security policies and standards, balancing industry best practices with our risk appetite  Support the assessment and maintenance of our third party risk within Fastly’s vendor landscape  What We’re Looking For At Fastly we value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess some of the following and an interest in learning more about the rest: 6+ years of relevant experience and a Bachelor’s degree in Management Information Systems, Computer Science, or a related field Proven leadership in security strategy, including influencing organizational direction, and embedding a security-first mindset across teams Extensive experience dissecting complex environments to find risks that actually matter; ability to communicate technical vulnerabilities in a manner that adequately portrays the magnitude of the risk to technical and non-technical stakeholders  Ability to translate risks into actionable security controls  Working knowledge (either as a control owner or assessor) of various frameworks and industry standards, such as: NIST CSF, ISO 27001, PCI DSS, and OWASP Top 10 Experience crafting security policies and standards that take into account a company’s unique operating environment while still meeting security best practices  Ability to interpret internal security controls and requirements to assess and manage risk associated with third party vendors    Excellent communication and collaboration skills, capable of engaging with both technical teams and non-technical stakeholders at all levels to articulate risks, trade-offs, and security recommendations Experience using governance, risk management, and compliance (GRC) tools preferred Work Hours:  This position will require you to be available during core business hours. Work Location(s) & Travel Requirements:  This position is open to Hybrid And Remote Work Locations.The preferred locations for this position are: San Francisco, CA New York, NY Denver, CO Remote United States or Canada (Eastern Standard Time preferred)  Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home.   There is a strong preference for Hybrid