Governance, Risk, and Compliance Analyst III

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive. Position Summary A Governance, Risk and Compliance (GRC) Analyst III is a Cybersecurity professional responsible for the maintenance and support of Cybersecurity’s many programs (including risk management, compliance, vulnerability management and security awareness training) that meets the parameters prescribed by the Office of the CISO for the organization. Primary Responsibilities An individual contributor in the Cybersecurity department that is chartered with supporting the company’s Cybersecurity program, with emphasis on customer security questionnaires, assessments/audits and security risk management support. Responsible for assisting with management, monitoring and improving customer security questionnaire program and with company’s security risks, security compliance guidelines and controls, and development / dissemination of best-practice standards, policies and procedures. The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program. Responsible for upholding F5’s Business Code of Ethics and for promptly reporting violations of the Code or other company policies. Provide daily support to security-related services, including security assessments and the information security management systems program. Assist as escalation point for support requests related to Information Security Programs Lead and improve support of customer security questionnaires, assessments or audits May work with Legal and/or Privacy department to understand regulatory and contractual information security obligations Review security bulletins and related news; staying apprised of current threats and trends Assist with security risk management Support security risk management, issues management, and policy exceptions Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise security risk assessments Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution Maintain awareness of external regulations and industry standards for new or modified requirements (FedRAMP, GDPR, PCI-DSS, CCPA, NIST 800-53, ISO 27001, etc.) Performs other related duties as assigned. The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Knowledge, Skills and Abilities Strong familiarity with systems and network infrastructure security technologies, including application/OS hardening techniques, network protocols, network & application firewalls, intrusion detection systems. Strong hands-on familiarity with security risk-assessment tools & techniques (vulnerability testing, penetration testing, social engineering, etc.). Sophisticated program/project management abilities. Recognizes that policies must be conceived and implemented in the context of a multifaceted, customer-oriented, for-profit business environment. Sophisticated written & verbal communications; outstanding interpersonal, planning, documentation, organization, and problem-solving skills. Extensive ability to act independently; connect with people at all levels in the company and take initiative to engage internal & external personnel/services to ensure effective & reliable systems. Foreign language skills a plus. Experience working in a team to achieve positive results.

Qualifications

BS/BA or equivalent work experience in security related field 6+ years of relevant work experience 4+ years working experience as a security analyst or equivalent Industry relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc. Knowledge with common compliance frameworks like the CIS Critical Controls, NIST SP800, ISO27001 Physical Demands and Work Environment: Duties are performed in a normal office environment while sitting at a desk or computer table and have the ability to work remotely. Duties require the ability to utilize a computer, communicate over the telephone, and read printed material. Duties may require being on call periodically and working outside normal working hours (evenings and weekends). Duties may require the ability to travel via automobile or airplane, approximately 5% Apply tot his job Apply To this Job