Risk and Compliance Specialist will facilitate the completion of internal and external audits including ISO27001, AICPA SSAE 18 SOC 2 Type 2, and various customer audits to accurately reflect NetApp’s security and compliance posture to current and potential customers. The Risk and Compliance Specialist will work with the Global Security Team and internal business units to understand NetApp's security posture and audit preparedness. Job responsibilities include collecting supporting evidence for controls, identify gaps in expectations/capabilities, and determine strategies for completing all audits throughout the year.
Ability to demonstrate a strong understanding of various compliance and regulatory areas (e. g. GDPR, DFARS/NIST 800-171, CMMC, ISO27001, SSAE 18 SOC 2 Type 2) or the risk register, risk exposure, risk reporting and handling of risk events
Facilitates ISO27001, SOC 2 Type II, and customer audits
Experience with Cloud Control Frameworks (CIS Benchmarks, Cloud Security Controls Matrix)
Organizes a team of auditors to efficiently accomplish audit tasks while reporting progress to Senior Leaders
Effectively works with team to complete customer audit requests and manages scope
Assists the Sales department in the completion of customer questionnaires
Communicates with other business units to determine applicability and scope of questionnaires
Collaborates with Global Security and/or other internal business to collect supporting evidence
Facilitates customer audits, evidence gathering, finalizing responses, tracking remediation tasks, and audit close
Communicates gaps in processes/compliance requirements with control owners
Excellent written and verbal communication skills
Strong analytical and problem-solving skills
Work well with people from many different disciplines with varying degrees of technical experience
Information security related training or certifications such as CISA, CISSP, or CRISC
Experience performing information security audits or risk assessments
Preferred Qualifications
BTech in Computer Science or a related field required with a minimum of 8+ years of related experience of which at least years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience required
Did you know...
If you want to help us build knowledge and solve big problems, let's talk.