Governance, Risk, and Compliance Analyst III

About The Position

Requirements

• Strong familiarity with systems and network infrastructure security technologies, including application/OS hardening techniques, network protocols, network & application firewalls, intrusion detection systems.
• Strong hands-on familiarity with security risk-assessment tools & techniques (vulnerability testing, penetration testing, social engineering, etc.).
• Sophisticated program/project management abilities.
• Recognizes that policies must be conceived and implemented in the context of a multifaceted, customer-oriented, for-profit business environment.
• Sophisticated written & verbal communications; outstanding interpersonal, planning, documentation, organization, and problem-solving skills.
• Extensive ability to act independently; connect with people at all levels in the company and take initiative to engage internal & external personnel/services to ensure effective & reliable systems.
• Experience working in a team to achieve positive results.
• BS/BA or equivalent work experience in security related field
• 6+ years of relevant work experience
• 4+ years working experience as a security analyst or equivalent
• Industry relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc.
• Knowledge with common compliance frameworks like the CIS Critical Controls, NIST SP800, ISO27001

Nice To Haves

• Foreign language skills a plus.

Responsibilities

• An individual contributor in the Cybersecurity department that is chartered with supporting the company’s Cybersecurity program, with emphasis on customer security questionnaires, assessments/audits and security risk management support.
• Responsible for assisting with management, monitoring and improving customer security questionnaire program and with company’s security risks, security compliance guidelines and controls, and development / dissemination of best-practice standards, policies and procedures.
• The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program.
• Responsible for upholding F5’s Business Code of Ethics and for promptly reporting violations of the Code or other company policies.
• Provide daily support to security-related services, including security assessments and the information security management systems program.
• Assist as escalation point for support requests related to Information Security Programs
• Lead and improve support of customer security questionnaires, assessments or audits
• May work with Legal and/or Privacy department to understand regulatory and contractual information security obligations
• Review security bulletins and related news; staying apprised of current threats and trends
• Assist with security risk management
• Support security risk management, issues management, and policy exceptions
• Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise security risk assessments
• Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution
• Maintain awareness of external regulations and industry standards for new or modified requirements (FedRAMP, GDPR, PCI-DSS, CCPA, NIST 800-53, ISO 27001, etc.)
• Performs other related duties as assigned.

Benefits

• We offer work/life integration programs like Freedom to Flex, dynamic employee inclusion groups, paid maternity/paternity leave, tuition assistance for professional development, a comprehensive mentoring program, rewards/recognition, and so much more.
• employee matching
• volunteer opportunities
• F5 Foundation