People Matter

Sr Governance, Risk, and Compliance Analyst

Volterra

IT, Legal
Seattle, WA, USA
Posted on Aug 17, 2024

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Position Summary

A Senior Governance, Risk and Compliance (GRC) Analyst is a Cybersecurity professional responsible for the maintenance and support of Cybersecurity’s many programs (including risk management, compliance, vulnerability management and security awareness training) that meet the parameters prescribed by the Office of the CISO for the organization.

Primary Responsibilities

An individual contributor in the Cybersecurity department that is chartered with supporting the company’s Cybersecurity program, with special focus on controls and policies intended to meet Federal Regulatory and FedRAMP requirements. Responsible for assisting with managing and monitoring the company’s security risks, security compliance guidelines and controls, security awareness training, vulnerability management, and the development and dissemination of best-practice standards, policies and procedures. The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program.

  • Responsible for upholding F5’s Business Code of Ethics and for promptly reporting violations of the Code or other company policies.
  • Provide daily support to security-related services, including security assessments and the information security management systems program.
    • Assist as escalation point for support requests related to Information Security Programs
    • Support documenting procedures for specific Federal regulatory and FedRAMP requirements
    • Assist with supporting security assessments, including external security assessment and customer security questionnaires
    • Review security bulletins and related news; staying apprised of current threats and trends
  • Assist with audit, risk management, and compliance program
    • Support and improve security, risk management, and control framework
    • Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise security risk assessments
    • Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution
    • Maintain awareness of external regulations and industry standards for new or modified requirements (NIST 800-53, ISO 27001/2017/2018, GDPR, PCI-DSS, SOC-2, FedRAMP etc.)
    • Perform assessments of supporting third parties to evaluate current security posture and monitor ongoing adherence to F5’s information security requirements
  • Assist with management of the security assessment program
    • Lead and improve support of security assessments, including third-party security assessment and customer security questionnaires.
    • May assist with performing legal security reviews of contracts on request of Legal department.
    • May work with external vendors to perform assessments (i.e., pen testing, assessments) as directed.
    • Develop knowledge pertaining to Threat Model Assessments
    • May work with Legal and/or Privacy department to understand regulatory and contractual information security obligations
  • Assist with management of the vulnerability management program
    • Review and analyze enterprise scale remediation of findings.
    • Monitor, notify and/or assist with remediation steps for identified vulnerabilities.
    • Engage with stakeholders to address outstanding vulnerabilities.
    • May assist with reporting on status of program to Cybersecurity Leadership or other management teams.
  • Assist with management of the information security awareness program
    • Consult on a senior level for the ISAT to ensure compliance and process improvements.
    • Create training modules and ensure role-based training is appropriate to meet compliance requirements
    • Manage reporting and follow-up on outstanding training assignments
    • Engage with employees and/or departments and promote ISAT awareness.
  • Performs other related duties as assigned.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Knowledge, Skills and Abilities

  • Expert familiarity with systems and network infrastructure security technologies, including application/OS hardening techniques, network protocols, network & application firewalls, intrusion detection systems.
  • Expert hands-on familiarity with security risk-assessment tools & techniques (vulnerability testing, penetration testing, social engineering, etc.).
  • Sophisticated program/project management abilities.
  • Recognizes that policies must be conceived and implemented in the context of a multifaceted, customer-oriented, for-profit business environment.
  • Expert written & verbal communications; outstanding interpersonal, planning, documentation, organization, and problem solving skills.
  • Extensive ability to act independently; connect with people at all levels in the company, and take initiative to engage internal & external personnel/services to ensure effective & reliable systems.
  • Foreign language skills a plus.
  • Experience working in a team to achieve positive results.

Qualifications

  • BS/BA or equivalent work experience in a security-related field
  • 8+ years of relevant work experience
  • 6+ years working experience as a security analyst or equivalent
  • Industry relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc.
  • Knowledge of common compliance frameworks like the CIS Critical Controls, NIST SP800, ISO27001

Physical Demands and Work Environment:

  • Duties are performed in a normal office environment while sitting at a desk or computer table, with the ability to work remotely.
  • Duties require the ability to utilize a computer, communicate over the telephone, and read printed material.
  • Duties may require being on call periodically and working outside normal working hours (evenings and weekends).
  • Duties may require the ability to travel via automobile or airplane, with approximately 5% of the time spent traveling.

In addition, we will need you to meet F5, customer, and/or government security screening requirements for this role. The background investigation may review an applicant’s actions, relationships, and experiences going back 10 years.

The annual U.S. base pay range for this position is: $139,746.00 - $209,618.00

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.

Please note that F5 only contacts candidates through an F5 email address (ending with @f5.com) or an auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.