# Apply for a career with Asana

> Apply for the Security Risk Manager in San Francisco at Asana! Click to learn more about life at Asana!

Careers

All open positions

Offices

Chicago

Dublin

Japan

London

Munich

New York City

Paris

Reykjavik

San Francisco (HQ)

Sydney

Singapore

Vancouver, BC

Warsaw

Teams

Business & Marketing

Engineering & Data

General & Administrative

Product & Design

Interns & Early career

Culture & Belonging

All open positions

#### Sneak a peek behind the scenes

#### Stance gets socks to market 14 times faster with Asana

#### Get company news, success stories, and more

#### Check in with us all over the world

#### Now streaming: How to Asana

#### Check out what inspires our work

#### Hear from our employees

We’re growing fast to achieve a big [mission](https://blog.asana.com/2020/09/mission) that drives us every day. Passionate and curious people like you will help us achieve it. A supportive team, award-winning culture, and unique growth opportunities will empower you to do your best and most impactful work at Asana.

Asana is a leading work management platform for human + AI collaboration. Over 170,000 customers like Accenture, Amazon, Anthropic, and Suzuki rely on Asana to align teams and accelerate organizational impact. Whether it’s managing strategic initiatives, cross-functional programs, or company-wide goals, Asana helps organizations bring clarity to complexity—turning plans into action with AI working alongside teams every step of the way. We believe investing in our culture and our employees is what fuels our individual and collective growth, allowing us to achieve our mission. Asana is an equal opportunity employer, and building a diverse, equitable, and inclusive company is core to our mission. Join us to make a big impact—on our mission, our customers’ missions, and your career.

Can’t find the right role at Asana today? [Join Asana’s Talent Network](https://www.gem.com/form?formID=fbcdec8c-3442-43b9-9b45-d2b5f4ea25db) to stay up to date on job openings.

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/7b98ac66e485a481/original/Asana-Global-Candidate-Privacy-Notice-December-18-2023-English-docx.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/2920026633def32/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_FR-FR.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/d5680442317933/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_DE-DE.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/1563f7199fad9c3f/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_ES-LA.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/234149810b33f799/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_PT-BR.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/1061f391b887e4aa/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_JA-JP.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/27af8714dbaace3c/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_ZH-CN.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/5a836fe4eb6cf4f1/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_NL-NL.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/4c59f76e42223694/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_PL-PL.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/1d0ce1e057fadc86/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_RU-RU.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/33254628afec3df7/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_KO-KR.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/1c6881d2387a57af/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_SV-SE.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/745cd0d2d0e8485c/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_IT-IT.pdf).

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/7deecd415c76c95a/original/Asana-Global-Candidate-Privacy-Notice_-December-18-2023-_ID-ID.pdf).

Make an impact at Asana

Apply for a career with Asana

San Francisco

Cost Center

Careers Page: Heading

Careers Page: Team

Careers Page: Location

### Security Risk Manager

At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana's employees, users, and customers by proactively addressing threats, ensuring compliance, and fostering a culture of security throughout our product and operations.

As the Security Risk Manager, you will own Asana's internal security risk management program end-to-end. This is a senior role for someone who goes beyond frameworks and checklists — you will engineer the quantitative and automated foundations that let Asana continuously measure and make confident decisions about security risk. You'll build the systems and processes that make risk scalable, not just the policies that describe it, and serve as a trusted advisor to senior leadership.

This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements

**What you'll achieve**
- **Own Asana's security risk management program:** Design and continuously mature a quantitative risk framework — including risk scoring methodologies, likelihood and impact modeling, and risk appetite thresholds — that enables consistent, data-driven risk decisions across the organization.
- **Build and maintain a living risk register:** Own Asana's central security risk register, developing KRIs, tracking trends over time, and driving accountability for risk treatment and remediation with business and technical owners.
- **Automate risk identification and monitoring:** Design and implement automated data pipelines and integrations that continuously surface security risks — pulling signals from vulnerability scanners, cloud security tooling, SIEMs, and third-party risk sources — so Asana's risk posture is always current and not dependent on manual review cycles.
- **Deliver quantitative risk reporting:** Develop executive-level dashboards that communicate security risk in business terms — probability, potential impact, cost of control vs. cost of breach, and residual risk exposure — to inform investment and prioritization decisions.
- **Partner cross-functionally on risk:** Act as the primary security risk partner to Legal, Privacy, Finance, and Engineering. Influence security investment decisions and build a culture of risk awareness across the company.

**About you**
- 7+ years of experience in information security with a strong focus on security risk management and GRC.
- Demonstrated experience building or leading a security risk management program — not just contributing to one.
- Hands-on experience with quantitative risk methodologies such as FAIR, risk scoring models, or statistical risk analysis. You back up risk ratings with numbers, not just color codes.
- Hands-on experience scripting or building automation to integrate security tooling, build data pipelines, or automate risk monitoring — you've built things, not just directed others to build them.Deep knowledge of security frameworks including NIST CSF, NIST SP 800-30, ISO 27001, SOC 2, and FedRAMP.
- Proven ability to develop risk metrics, KRIs, and executive-level reporting that drives decision-making.
- Strong understanding of cloud environments and SaaS architecture — enough to have credible risk conversations with technical teams.
- Excellent communicator who can translate technical risk findings for both engineering teams and C-suite stakeholders.
- Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity and decision-making.

At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills. If you're interested in this role and don't meet every listed requirement, we still encourage you to apply.

**What we'll offer**

For this role, the estimated base salary range is between $194,000–$220,000. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process.

In addition to base salary, your compensation package may include equity and benefits. If you're interviewing for this role, speak with your Talent Acquisition Partner to learn more.

We strive to provide equitable and competitive benefits packages that support our employees worldwide and include:
- Mental health, wellness & fitness benefits
- Career coaching & support
- Inclusive family building benefits
- Long-term savings or retirement plans
- In-office culinary options to cater to your dietary preferences

#LI-Hybrid

**About us**

Asana is a leading platform for human + AI collaboration. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named to Fortune's Best Workplaces for 7+ years and recognized by Fast Company, Forbes, and Gartner for excellence in workplace culture and innovation. We offer an exceptional office-centric culture while adopting the best elements of hybrid models to ensure that every one of our global team members can work together effortlessly. With 13+ offices all over the world, we are always looking for individuals who care about building technology that drives positive change in the world and a culture where everyone feels that they belong.

**[Join Asana’s Talent Network](https://www.gem.com/form?formID=fbcdec8c-3442-43b9-9b45-d2b5f4ea25db)** to stay up to date on job opportunities and life at Asana.

Infrastructure Engineering

San Francisco

#### Why Asana?

Asana is a leading work management platform for human + AI collaboration. Over 170,000 customers like Accenture, Amazon, Anthropic, and Suzuki rely on Asana to align teams and accelerate organizational impact. Whether it’s managing strategic initiatives, cross-functional programs, or company-wide goals, Asana helps organizations bring clarity to complexity—turning plans into action with AI working alongside teams every step of the way. We believe investing in our culture and our employees is what fuels our individual and collective growth, allowing us to achieve our mission. Asana is an equal opportunity employer, and building a diverse, equitable, and inclusive company is core to our mission. Join us to make a big impact—on our mission, our customers’ missions, and your career.

Can’t find the right role at Asana today? [Join Asana’s Talent Network](https://www.gem.com/form?formID=fbcdec8c-3442-43b9-9b45-d2b5f4ea25db) to stay up to date on job openings.

By clicking "Submit Application," you acknowledge and agree to [Asana's Global Job Applicant Privacy Notice](https://assets.asana.biz/m/7b98ac66e485a481/original/Asana-Global-Candidate-Privacy-Notice-December-18-2023-English-docx.pdf).

#### Careers

#### Offices

- [Chicago](/jobs/chicago)

- [Dublin](/jobs/dublin)

- [Japan](/jobs/tokyo)

- [London](/jobs/london)

- [Munich](/jobs/munich)

- [New York City](/jobs/new-york)

- [Paris](/jobs/paris)

- [Reykjavik](/jobs/reykjavik)

- [San Francisco (HQ)](/jobs/san-francisco)

- [Sydney](/jobs/sydney)

- [Singapore](/jobs/singapore)

- [Vancouver, BC](/jobs/vancouver)

- [Warsaw](/jobs/warsaw)

#### Teams

- [Business & Marketing](/jobs/business)

- [Engineering & Data](/jobs/engineering)

- [General & Administrative](/jobs/internal)

- [Product & Design Teams](/jobs/product)

- [Emerging Talent Programs](/jobs/university-recruiting)

- [Culture & Belonging](/culture-and-belonging)

- [All open positions](/jobs/all)

### Security Risk Manager

At Asana, security is foundational to our mission of helping teams work together effortlessly. Our security team protects Asana's employees, users, and customers by proactively addressing threats, ensuring compliance, and fostering a culture of security throughout our product and operations.

 As the Security Risk Manager, you will own Asana's internal security risk management program end-to-end. This is a senior role for someone who goes beyond frameworks and checklists — you will engineer the quantitative and automated foundations that let Asana continuously measure and make confident decisions about security risk. You'll build the systems and processes that make risk scalable, not just the policies that describe it, and serve as a trusted advisor to senior leadership.

 This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do and the teams with which you partner. If you're interviewing for this role, your recruiter will share more about the in-office requirements

 **What you'll achieve**
- **Own Asana's security risk management program:** Design and continuously mature a quantitative risk framework — including risk scoring methodologies, likelihood and impact modeling, and risk appetite thresholds — that enables consistent, data-driven risk decisions across the organization.
- **Build and maintain a living risk register:** Own Asana's central security risk register, developing KRIs, tracking trends over time, and driving accountability for risk treatment and remediation with business and technical owners.
- **Automate risk identification and monitoring:** Design and implement automated data pipelines and integrations that continuously surface security risks — pulling signals from vulnerability scanners, cloud security tooling, SIEMs, and third-party risk sources — so Asana's risk posture is always current and not dependent on manual review cycles.
- **Deliver quantitative risk reporting:** Develop executive-level dashboards that communicate security risk in business terms — probability, potential impact, cost of control vs. cost of breach, and residual risk exposure — to inform investment and prioritization decisions.
- **Partner cross-functionally on risk:** Act as the primary security risk partner to Legal, Privacy, Finance, and Engineering. Influence security investment decisions and build a culture of risk awareness across the company.

 **About you**
- 7+ years of experience in information security with a strong focus on security risk management and GRC.
- Demonstrated experience building or leading a security risk management program — not just contributing to one.
- Hands-on experience with quantitative risk methodologies such as FAIR, risk scoring models, or statistical risk analysis. You back up risk ratings with numbers, not just color codes.
- Hands-on experience scripting or building automation to integrate security tooling, build data pipelines, or automate risk monitoring — you've built things, not just directed others to build them.Deep knowledge of security frameworks including NIST CSF, NIST SP 800-30, ISO 27001, SOC 2, and FedRAMP.
- Proven ability to develop risk metrics, KRIs, and executive-level reporting that drives decision-making.
- Strong understanding of cloud environments and SaaS architecture — enough to have credible risk conversations with technical teams.
- Excellent communicator who can translate technical risk findings for both engineering teams and C-suite stakeholders.
- Demonstrates curiosity about AI tools and emerging technologies, with a willingness to learn and leverage them to enhance productivity and decision-making.

 At Asana, we're committed to building teams that include a variety of backgrounds, perspectives, and skills. If you're interested in this role and don't meet every listed requirement, we still encourage you to apply.

 **What we'll offer**

 For this role, the estimated base salary range is between $194,000–$220,000. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process.

 In addition to base salary, your compensation package may include equity and benefits. If you're interviewing for this role, speak with your Talent Acquisition Partner to learn more.

 We strive to provide equitable and competitive benefits packages that support our employees worldwide and include:
- Mental health, wellness & fitness benefits
- Career coaching & support
- Inclusive family building benefits
- Long-term savings or retirement plans
- In-office culinary options to cater to your dietary preferences

 #LI-Hybrid

**About us**

 Asana is a leading platform for human + AI collaboration. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named to Fortune's Best Workplaces for 7+ years and recognized by Fast Company, Forbes, and Gartner for excellence in workplace culture and innovation. We offer an exceptional office-centric culture while adopting the best elements of hybrid models to ensure that every one of our global team members can work together effortlessly. With 13+ offices all over the world, we are always looking for individuals who care about building technology that drives positive change in the world and a culture where everyone feels that they belong.

 **[Join Asana’s Talent Network](https://www.gem.com/form?formID=fbcdec8c-3442-43b9-9b45-d2b5f4ea25db)** to stay up to date on job opportunities and life at Asana.

Asana

Asana