NetApp Sr Risk Compliance Lead 

India, Karnataka, Bengaluru 

647744240

Risk and Compliance Specialist will facilitate the completion of internal and external audits including ISO27001, AICPA SSAE 18 SOC 2 Type 2, and various customer audits to accurately reflect NetApp’s security and compliance posture to current and potential customers. The Risk and Compliance Specialist will work with the Global Security Team and internal business units to understand NetApp's security posture and audit preparedness. Job responsibilities include collecting supporting evidence for controls, identify gaps in expectations/capabilities, and determine strategies for completing all audits throughout the year.

Facilitates ISO27001, SOC 2 Type II, and customer audits

Experience with Cloud Control Frameworks (CIS Benchmarks, Cloud Security Controls Matrix)

Organizes a team of auditors to efficiently accomplish audit tasks while reporting progress to Senior Leaders

Effectively works with team to complete customer audit requests and manages scope

Assists the Sales department in the completion of customer questionnaires

Communicates with other business units to determine applicability and scope of questionnaires

Collaborates with Global Security and/or other internal business to collect supporting evidence

Facilitates customer audits, evidence gathering, finalizing responses, tracking remediation tasks, and audit close

Communicates gaps in processes/compliance requirements with control owners

Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree

At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools and enablers in a technology related industry and five (5) – seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required

Ability to demonstrate a strong understanding of various compliance and regulatory areas (e. g. GDPR, DFARS/NIST 800-171, CMMC, ISO27001, SSAE 18 SOC 2 Type 2) or the risk register, risk exposure, risk reporting and handling of risk events

Excellent written and verbal communication skills

Strong analytical and problem-solving skills

Work well with people from many different disciplines with varying degrees of technical experience

Information security related training or certifications such as CISA, CISSP, or CRISC

Experience performing information security audits or risk assessments