Risk and Compliance Lead (GRC)

Bangalore, Karnataka, IN, 560071

NetApp

Turn a world of disruption into opportunity with intelligent data infrastructure from NetApp. Realize seamless flexibility—any data, any workload, any environment—with the only enterprise-grade storage service embedded in the world’s biggest...


Job Summary

The Senior GRC Compliance Analyst will facilitate the completion of internal and external audits including ISO27001, AICPA SSAE 18 SOC 2 Type 2, and various customer audits to accurately reflect NetApp’s security and compliance posture to current and potential customers. The analyst will work with the Enterprise Information Security (EIS) team and internal business units to understand our security posture and audit preparedness, collect supporting evidence, identify gaps in expectations/capabilities, and determine strategies for completing all audits throughout the year.
 

Requirements

  • The Risk and Compliance Specialist will facilitate the completion of internal and external audits including ISO27001, AICPA SSAE 18 SOC 2 Type 2, and various customer audits to accurately reflect NetApp’s security and compliance posture to current and potential customers. The Risk and Compliance Specialist will work with the Global Security Team and internal business units to understand NetApp's security posture and audit preparedness. Job responsibilities include collecting supporting evidence for controls, identifying gaps in expectations/capabilities, and determining strategies for completing all audits throughout the year.
  • Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g., GDPR, DFARS/NIST 800-171, CMMC, ISO27001, SSAE 18 SOC 2 Type 2) or the risk register, risk exposure, risk reporting and handling of risk events
  • Facilitates ISO27001, SOC 2 Type II, and customer audits
  • Experience with Cloud Control Frameworks (CIS Benchmarks, Cloud Security Controls Matrix)
  • Organizes a team of auditors to efficiently accomplish audit tasks while reporting progress to Senior Leaders
  • Effectively works with the team to complete customer audit requests and manages scope
  • Assists the Sales department in the completion of customer questionnaires
  • Communicates with other business units to determine applicability and scope of questionnaires
  • Collaborates with Global Security and/or other internal business units to collect supporting evidence
  • Facilitates customer audits, evidence gathering, finalizing responses, tracking remediation tasks, and audit close
  • Communicates gaps in processes/compliance requirements with control owners 
  • Excellent written and verbal communication skills
  • Strong analytical and problem-solving skills
  • Work well with people from many different disciplines with varying degrees of technical experience
  • Information security related training or certifications such as CISA, CISSP, or CRISC
  • Experience performing information security audits or risk assessments

Preferred Qualifications

  • BTech in Computer Science or a related field required with a minimum of 8+ years of related experience of which at least years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience required

Tags: Audits CISA CISSP Cloud CMMC Compliance Computer Science CRISC DFARS GDPR ISO 27001 NIST Risk assessment SDLC SOC SOC 2

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
