Security Risk Lead

Fastly

Job Overview

Job Title: Security Risk Lead
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $160,000
Location: Hybrid

Job Description

About Fastly

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including Vimeo, Pinterest, The New York Times, and GitHub. We're building a more trustworthy Internet. Come join us.

Posting Open Date: February 13, 2026

Anticipated Posting Close Date*: May 13, 2026

*Job posting may close early due to the volume of applicants.

Security Risk Lead at Fastly

As the Security Risk Lead, you will be at the center of all things security risk-related. Your goal is to take complex security data and turn it into clear, actionable risk stories for Senior Leadership. You will not just help Fastly understand that risks exist, but also influence leaders to understand why they matter and what needs to be prioritized versus dropped. You’ll diagnose problems at the source, working with stakeholders from Security, Engineering, Compliance, and the rest of the organization to redesign our internal systems and make our environment more secure. Fastly believes that security is everyone’s responsibility, and you will empower all of Fastly to live up to that responsibility. You will right-size Fastly’s existing security policies and standards so they are as lean and high-performing as our technology.

You will be supported by a friendly security team, where you can learn and develop. We check our egos at the door. You’ll make sure our customers benefit from a service built to the highest security standards in the industry. We pride ourselves on our involvement in the larger security community and encourage our team to present at network and security conferences and participate in the open source community. We are a distributed security team with the commitment and tools in place to make it work.

What You’ll Do

  • Lead targeted security risk assessments across the organization, proactively identifying gaps and risks which pose a threat to the safety and security
  • Analyze risk data to identify patterns of deficiencies and collaborate with Security Architects, Product Owners, Engineering, and Senior Leaders to propose new, or challenge existing, mitigation plans
  • Own and evolve the systems that track our risk decisions and mitigations, ensuring we have visibility into the greatest areas of concern and where we need to buy down more risk, and keeping our mitigation plans on track with the committed timelines
  • Oversee relevant Risk Committees to identify and discuss systemic and cross-functional security risks, influencing Senior Leaders across Fastly to commit to mitigation plans
  • Design metrics and reporting to give Senior Leadership a pulse check on our security posture, highlighting exactly where we need to invest
  • Maintain Fastly’s core security policies and standards, balancing industry best practices with our risk appetite
  • Support the assessment and maintenance of our third party risk within Fastly’s vendor landscape

What We’re Looking For

At Fastly we value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess some of the following and an interest in learning more about the rest:

  • 6+ years of relevant experience and a Bachelor’s degree in Management Information Systems, Computer Science, or a related field
  • Proven leadership in security strategy, including influencing organizational direction, and embedding a security-first mindset across teams
  • Extensive experience dissecting complex environments to find risks that actually matter; ability to communicate technical vulnerabilities in a manner that adequately portrays the magnitude of the risk to technical and non-technical stakeholders
  • Ability to translate risks into actionable security controls
  • Working knowledge of various frameworks and industry standards, such as: NIST CSF, ISO 27001, PCI DSS, HIPAA, FAIR, and OWASP Top 10
  • Experience crafting security policies and standards that take into account a company’s unique operating environment while still meeting security best practices
  • Ability to interpret internal security controls and requirements to assess and manage risk associated with third party vendors
  • Excellent communication and collaboration skills, capable of engaging with both technical teams and non-technical stakeholders at all levels to articulate risks, trade-offs, and security recommendations
  • Experience using governance, risk management, and compliance (GRC) tools preferred

Work Hours, Location & Travel

This position will require you to be available during core business hours. This position is open to hybrid and remote work locations. The preferred locations for this position are: San Francisco, CA; New York, NY; Denver, CO; Remote United States or Canada (Eastern Standard Time preferred). Fastly currently embraces a largely hybrid model for most roles, which allows employees flexibility to split their time between the office and home. There is a strong preference for hybrid near a local office. However, we may be willing to consider remote candidates within the US. This position may require travel as required by your role or requested by your manager.

Salary & Benefits

The estimated salary range for this position is $132,060 to $186,444. Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location. This role may be eligible to participate in Fastly’s equity and discretionary bonus programs. We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with an Employee Assistance Program, insurance (Life, Disability, and Accident), a Flexible Vacation policy, and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2026, we offer 12 paid local holidays and 12 paid company wellness days.

Key Skills/Competency

  • Security Risk Management
  • NIST CSF
  • ISO 27001
  • PCI DSS
  • HIPAA
  • FAIR methodology
  • OWASP Top 10
  • GRC Tools
  • Security Policy Development
  • Third-Party Risk Assessment

How to Get Hired at Fastly

  • Research Fastly's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Customize your resume: Highlight experience in security risk, GRC, and frameworks like NIST CSF, tailoring it to the Security Risk Lead role.
  • Showcase leadership & influence: Prepare examples demonstrating how you've led risk assessments and influenced senior stakeholders.
  • Understand Fastly's platform: Familiarize yourself with Fastly's edge cloud platform and how security integrates into their services.
  • Prepare for technical risk discussions: Be ready to discuss various security frameworks (ISO 27001, PCI DSS) and translate technical vulnerabilities into business risks.
