Sr Cyber Governance, Risk, and Compliance Analyst (Data Governance)

About The Position

Requirements

• Expert familiarity with systems and network infrastructure security technologies, including application/OS hardening techniques, network protocols, network & application firewalls, intrusion detection systems.
• Expert hands-on familiarity with security risk-assessment tools & techniques (vulnerability testing, penetration testing, social engineering, etc)
• Excellent program/project management abilities.
• Recognizes that policies must be conceived and implemented in the context of a dynamic, customer-oriented, for-profit business environment
• Excellent written & verbal communications; superior interpersonal, planning, documentation, organization, and problem solving skills.
• Expert ability to act independently; interface with people at all levels in the company, and take initiative to engage internal & external personnel/services to ensure effective & reliable systems.
• Proven initiative to engage internal & external personnel/services to ensure effective & reliable systems.
• BS/BA or equivalent work experience in security related field
• 8+ years of relevant work experience
• 6+ years working experience as a security analyst or equivalent
• Industry relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc.
• Knowledge with common compliance frameworks like the CIS Critical Controls, NIST SP800, ISO27001

Nice To Haves

• Foreign language skills a plus
• Proven experience influencing a team to achieve positive results

Responsibilities

• Lead Data Governance Program Develop and implement data governance procedures for data security
• Partner with IT Engineering teams to develop tool-based policy and scanning rules to ensure that responsible teams remediate findings from data security posture management (DSPM) scans.
• Operationalize alert response procedures to address unnecessary data storage, data access audits, and incident response in accordance with the Incident Response Plan.
• Assist with management of the vulnerability management program as it relates to Data Security Review and analyze highly complex remediation of findings.
• Monitor, notify and/or assist with remediation steps for identified vulnerabilities.
• Engage with stakeholders to address outstanding vulnerabilities.
• May assist with reporting on status of program to Cybersecurity Leadership or other management teams.
• Assist with audit, risk management, and compliance program Support and improve security, risk management, and control framework, including Secure Software Development Lifecycle and Data Security Posture Management
• Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise security risk assessments
• Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution
• Execute annual assessment program including customer and external compliance assessments (ISO 27001/17/18, IT SOX, SOC 2, FedRAMP, HIPPA and PCI-DSS) and required vulnerability assessment, including remediation activities
• Maintain awareness of external regulations and industry standards for new or modified requirements (FedRAMP, GDPR, PCI-DSS, CCPA, NIST 800-53, ISO 27001, etc.)
• Perform assessments of supporting third parties to evaluate current security posture and monitor ongoing adherence to F5’s information security requirements
• Performs other related duties as assigned.
• Responsible for upholding F5’s Business Code of Ethics and for promptly reporting violations of the Code or other company policies.

Benefits

• We offer work/life integration programs like Freedom to Flex, dynamic employee inclusion groups, paid maternity/paternity leave, tuition assistance for professional development, a comprehensive mentoring program, rewards/recognition, and so much more.
• employee matching
• volunteer opportunities