GRC Services, Trust, and Assurance Analyst

About The Position

Requirements

• Expertise in GRC tools and platforms to monitor and report on application security programs and their compliance.
• Knowledge of AWS, Microsoft Azure, and Google Cloud Platform
• Work independently and on high-impact projects in fast-paced environments, with advanced expertise across cyber and IT security.
• Experience with IT service accreditation, attestation, and certification frameworks such as CSA CCM, FedRAMP, PCI-DSS, SOC2, and ISO 27001, including how to obtain these accreditations and how to maintain them
• Strong communication skills
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience desired.
• 5-10 years of experience in cybersecurity, with a focus on Cybersecurity and GRC desired
• Proven experience in audit and security program governance.
• Strong knowledge of Cybersecurity and cloud computing

Nice To Haves

• Certifications: The following certifications are desired. CISSP, CCSP, CISA.
• Cloud Architectures
• Cross Domain Knowledge
• Design Thinking
• Development Fundamentals
• DevOps
• Distributed Computing
• Microservices Fluency
• Full Stack Development
• Security-First Mindset
• User Experience (UX)

Responsibilities

• Collaborating with R&D teams developing software for HPE Networking services to ensure understanding and adoption of NIST Secure Software Development Framework (SSDF/ SP800-218) and achievement of desired maturity targets.
• Identifying security gaps and issues, work with Engineering and Program Management to address gaps, and monitor remediation efforts.
• Provide actionable insights and recommendations to Engineering and Product Management to incorporate requirements from applicable assessment and regulatory frameworks such as SOC 2, ISO 27001, FedRAMP, and PCI DSS.
• Executing a compliance and accreditation program for each customer-facing service based on customer needs.
• Measure progress and program health and present this information in dashboard form for consumption by upper management and executive leadership
• Engaging with third party consultants, auditors, and assessors as necessary.
• Working closely with Cybersecurity Digital Risk Management, Engineering, Product Management and other teams to execute a shared responsibility model for as-a-service governance and ensure HPE Networking’s as-a-service program is effectively reflected in company governance activities.

Benefits

• Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
• Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.
• Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.