The Risk and Compliance Specialist will facilitate the completion of internal and external audits, including ISO27001, AICPA SSAE 18 SOC 2 Type 2, and various customer audits, to accurately reflect NetApp’s security and compliance posture to current and potential customers. The Risk and Compliance Specialist will work with the Global Security Team and internal business units to understand NetApp's security posture and audit preparedness. Job responsibilities include collecting supporting evidence for controls, identifying gaps in expectations/capabilities, and determining strategies for completing all audits throughout the year.
Facilitates ISO27001, SOC 2 Type II, and customer audits
Experience with Cloud Control Frameworks (CIS Benchmarks, Cloud Security Controls Matrix)
Organizes a team of auditors to efficiently accomplish audit tasks while reporting progress to Senior Leaders
Effectively works with team to complete customer audit requests and manages scope
Assists the Sales department in the completion of customer questionnaires
Communicates with other business units to determine applicability and scope of questionnaires
Collaborates with Global Security and/or other internal business units to collect supporting evidence
Facilitates customer audits, evidence gathering, finalizing responses, tracking remediation tasks, and audit close
Communicates gaps in processes/compliance requirements with control owners
Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree
At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools and enablers in a technology-related industry and five (5) – seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required
Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g., GDPR, DFARS/NIST 800-171, CMMC, ISO27001, SSAE 18 SOC 2 Type 2) or the risk register, risk exposure, risk reporting and handling of risk events
Excellent written and verbal communication skills
Strong analytical and problem-solving skills
Work well with people from many different disciplines with varying degrees of technical experience
Information security related training or certifications such as CISA, CISSP, or CRISC
Experience performing information security audits or risk assessments
Did you know...
If you want to help us build knowledge and solve big problems, let's talk.