
Asana · San Francisco
At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana's employees, users, and customer...
At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana's
employees, users, and customers by proactively addressing threats, ensuring compliance, and fostering a culture of security
throughout our product and operations.
As the Security Risk Manager, you will own Asana's internal security risk management program end-to-end. This is a senior role for
someone who goes beyond frameworks and checklists — you will engineer the quantitative and automated foundations that let Asana
continuously measure and make confident decisions about security risk. You'll build the systems and processes that make risk
scalable, not just the policies that describe it, and serve as a trusted advisor to senior leadership.
This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday,
Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the
type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more
about the in-office requirements
What you'll achieve
scoring methodologies, likelihood and impact modeling, and risk appetite thresholds — that enables consistent, data-driven risk
decisions across the organization.
time, and driving accountability for risk treatment and remediation with business and technical owners.
surface security risks — pulling signals from vulnerability scanners, cloud security tooling, SIEMs, and third-party risk
sources — so Asana's risk posture is always current and not dependent on manual review cycles.
probability, potential impact, cost of control vs. cost of breach, and residual risk exposure — to inform investment and
prioritization decisions.
Influence security investment decisions and build a culture of risk awareness across the company.
About you
back up risk ratings with numbers, not just color codes.
monitoring — you've built things, not just directed others to build them.Deep knowledge of security frameworks including NIST
CSF, NIST SP 800-30, ISO 27001, SOC 2, and FedRAMP.
teams.
productivity and decision-making.
At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills. If you're interested
in this role and don't meet every listed requirement, we still encourage you to apply.
What we'll offer
For this role, the estimated base salary range is between $194,000–$220,000. The actual base salary will vary based on various
factors, including market and individual qualifications objectively assessed during the interview process.
In addition to base salary, your compensation package may include equity and benefits. If you're interviewing for this role, speak
with your Talent Acquisition Partner to learn more.
We strive to provide equitable and competitive benefits packages that support our employees worldwide and include:
#LI-Hybrid
About us
Asana is a leading platform for human + AI collaboration. Millions of teams around the world rely on Asana to achieve their most
important goals, faster. Asana has been named to Fortune's Best Workplaces for 7+ years and recognized by Fast Company, Forbes,
and Gartner for excellence in workplace culture and innovation. We offer an exceptional office-centric culture while adopting the
best elements of hybrid models to ensure that every one of our global team members can work together effortlessly. With 13+
offices all over the world, we are always looking for individuals who care about building technology that drives positive change
in the world and a culture where everyone feels that they belong.
Join Asana’s Talent Network to stay up to date on job opportunities and life at Asana.
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us! We’re looking for an expert Technical Program Manager (TPM) to support our Security Operations team. In this role, you’ll partner with our Business and Technology teams to lead cross-functional programs that are critical to how we manage risk and secure our organization. You’ll ensure alignment across teams, deliver on commitments, develop solutions, and clear roadblocks so we can move forward together. Beyond execution, you’ll roll up your sleeves to shape how teams work together—championing security practices, strengthening operations, and solving tough problems with scalable, repeatable practices. This is a full time role that can be held from one of our US hubs or remotely in the United States. WHAT YOU’LL DO AT FIGMA: * Own end-to-end program execution for security, compliance, and infrastructure initiatives—managing dependencies, milestones, risks, and reporting at a portfolio level * Lead highly cross-functional programs, using strong project management skills to deliver complex initiatives in a collaborative and transparent way * Drive project alignment by handling dependencies, guiding technical discussions, facilitating decision making, and ensuring the right conversations happen at the right time * Influence outcomes by building trusted, strong partnerships across the organization * Champion effective ways of working—finding the right balance of tools, structure & practices while continuously improving how we collaborate and deliver on our commitments WE'D LOVE TO HEAR FROM YOU IF YOU HAVE: * 5+ years of program or project management experience in a cloud or SaaS environment supporting enterprise technology or security teams * Strong understanding of information security principles and controls, including data protection, access management, and application security * Ability to dive into technical details and apply that knowledge to drive alignment and solve complex challenges * Experience communicating complex security risks and tradeoffs to both technical and non-technical audiences * Proficiency with project management and collaboration tools (e.g., Asana, Google Workspace, Slack, Zoom, Notion, Figma) and the judgment to apply them effectively based on team needs WHILE NOT REQUIRED, IT’S AN ADDED PLUS IF YOU ALSO HAVE: * PMP & Scrum Certifications * Prior experience with identity and access management systems and practices, vendor security and technology governance processes, risk assessments, security investigations, detection and response operations, and incident response * Familiarity with security frameworks and standards such as ISO 27001, NIST, and SOC 2, and experience with ITGC frameworks * Familiarity with AI/ML risk considerations or AI risk frameworks (NIST AI RMF, OECD, ISO 42001) * Experience with using AI tools (e.g Claude Code, Claude Cowork, Open AI Codex, etc) to automate and scale manual processes and decision-making workflows At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles. Pay Transparency Disclosure If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below. Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information. Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future. Annual Base Salary Range: $140,000—$245,000 USD At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities. Examples of accommodations include but are not limited to: * Holding interviews in an accessible location * Enabling closed captioning on video conferencing * Ensuring all written communication be compatible with screen readers * Changing the mode or format of interviews To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding. By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us! Figma's Security team is growing, and we're looking for a Security Operations Manager to lead the strategy and execution of our security operations program. In this role, you'll build and scale the systems, processes, and tooling that help protect Figma and our community. You'll partner closely with Security Engineering, Platform Security, IT, GRC, and Legal to strengthen our detection and response capabilities, improve operational resilience, and help shape the future of our DART and SOC functions. This is a full time role that can be held from one of our US hubs or remotely in the United States. WHAT YOU'LL DO AT FIGMA: * Own Figma's security monitoring and incident response program, from detection engineering through post-incident review and continuous improvement * Build and automate security operations workflows, including alert triage, enrichment, investigation, and response actions using SOAR and custom tooling * Develop and maintain incident response run books, escalation procedures, and communication plans for security events of varying severity * Lead incident response preparedness initiatives, including tabletop exercises, red team engagements, and response capability assessments * Improve the effectiveness of our SIEM and SOAR platforms by reducing noise, increasing signal fidelity, and closing detection coverage gaps * Build and operationalize threat intelligence capabilities to identify adversary behaviors, prioritize investments, and strengthen detection and response programs * Partner with Legal, Privacy, and Communications teams to support breach notification and regulatory response obligations during significant security incidents * Drive security operations strategy through vendor management, operational metrics, and cross-functional initiatives spanning IAM, vulnerability management, DLP, and exposure reduction WE'D LOVE TO HEAR FROM YOU IF YOU HAVE: * 7+ years of experience in security operations, incident response, or a related security engineering function * Hands-on experience building and automating detection and response workflows using scripting, APIs, or security automation platforms * Deep expertise with SIEM and SOAR technologies in a cloud-native or SaaS environment * Demonstrated success building, scaling, or significantly improving a detection and response program * Experience leading complex security incidents and partnering with Legal, Privacy, and business stakeholders during high-impact events WHILE IT'S NOT REQUIRED, IT'S AN ADDED PLUS IF YOU ALSO HAVE: * Operated in a public company environment with SOX, ISO 27001, SOC 2, or FedRAMP requirements * Applied AI risk management frameworks such as NIST AI RMF, OECD AI Principles, or ISO 42001 * Utilized AI-powered tools to automate security operations workflows and improve team efficiency At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles. Pay Transparency Disclosure If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below. Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information. Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future. Annual Base Salary Range: $185,000—$296,000 USD At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities. Examples of accommodations include but are not limited to: * Holding interviews in an accessible location * Enabling closed captioning on video conferencing * Ensuring all written communication be compatible with screen readers * Changing the mode or format of interviews To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding. By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.
Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us! Figma's GRC team helps build and maintain trust with our users, regulators, business partners, and the organizations that rely on Figma every day. We partner across the company to strengthen security, manage risk, maintain compliance, and scale the programs that support our continued growth. We're growing our team and looking for security, risk, and compliance professionals across several disciplines. Whether your expertise is in compliance, risk management, governance, GRC tooling, or customer trust, you'll have the opportunity to build programs, improve processes, and help shape how Figma scales security and trust. Roles we hire for on this team: * Compliance Management * Lead compliance and certification programs across security and regulatory frameworks * Manage audit cycles, partner with external assessors, and drive audit readiness initiatives * Improve controls, processes, and evidence management practices across the organization * Security Risk Management * Build and maintain risk and controls frameworks that support Figma's security posture * Assess, prioritize, and communicate security risks across the business * Develop third-party risk management strategies and enterprise risk reporting programs * Policy & Governance * Manage the lifecycle of organizational security policies, standards, and procedures * Drive policy awareness and stakeholder engagement across the company * Ensure governance practices align with regulatory requirements and business objectives * GRC Platforms & Enablement * Select, implement, and optimize GRC platforms and supporting workflows * Scale evidence collection, reporting, and program management capabilities * Identify opportunities to automate and streamline GRC operations * Customer Trust * Support customer trust and business enablement activities across the sales lifecycle * Manage security knowledge bases, customer-facing documentation, and trust publications * Respond to customer security inquiries, audits, and questionnaires This is a full time role that can be held from one of our US hubs or remotely in the United States. WHAT YOU'LL DO AT FIGMA: * Lead compliance programs across frameworks such as SOC 2, ISO 27001, FedRAMP, SOX ITGC, GDPR, and NIS2 * Manage external audits and certification activities while partnering with auditors and assessors * Build and maintain risk and controls frameworks, including common control frameworks that support multiple certifications * Conduct risk and gap assessments and drive remediation efforts across technical and business stakeholders * Improve control effectiveness and operational efficiency through rationalization and process optimization * Implement and optimize GRC platforms that scale evidence collection and program management * Maintain security policies and governance processes that align with organizational risk objectives * Support customer trust initiatives, including security questionnaires, audits, and customer-facing security communications We’d love to hear from you if you have: * 4+ years of experience in information security, compliance, risk management, or a related field * Hands-on experience supporting security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, PCI-DSS, or SOX ITGC * Experience leading or supporting audits and partnering with external assessors * Demonstrated ability to conduct assessments, drive remediation efforts, and manage cross-functional initiatives * Exceptional written and verbal communication skills across technical, business, and executive audiences * Demonstrated ability to improve processes, manage competing priorities, and build strong cross-functional partnerships While it’s not required, it’s an added plus if you also have: * Operated in a public company environment with SOX ITGC requirements * Supported FedRAMP authorization, SSP development, 3PAO coordination, or continuous monitoring activities * Earned security or risk certifications such as CISA, CISSP, CISM, or CRISC * Implemented or administered GRC platforms such as Vanta, Drata, or similar tools * Scaled security, compliance, or risk programs in a high-growth environment At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles. Pay Transparency Disclosure If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below. Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information. Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future. Annual Base Salary Range: $153,000—$296,000 USD At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities. Examples of accommodations include but are not limited to: * Holding interviews in an accessible location * Enabling closed captioning on video conferencing * Ensuring all written communication be compatible with screen readers * Changing the mode or format of interviews To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding. By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.