Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

NetApp Sr Risk Compliance Lead 
India, Karnataka, Bengaluru 
647744240

04.08.2024
Job Summary
  • Risk and Compliance Specialist will facilitate the completion of internal and external audits including ISO27001, AICPA SSAE 18 SOC 2 Type 2, and various customer audits to accurately reflect NetApp’s security and compliance posture to current and potential customers. The Risk and Compliance Specialist will work with the Global Security Team and internal business units to understand NetApp's security posture and audit preparedness. Job responsibilities include collecting supporting evidence for controls, identify gaps in expectations/capabilities, and determine strategies for completing all audits throughout the year.

  • Facilitates ISO27001, SOC 2 Type II, and customer audits

  • Experience with Cloud Control Frameworks (CIS Benchmarks, Cloud Security Controls Matrix)

  • Organizes a team of auditors to efficiently accomplish audit tasks while reporting progress to Senior Leaders

  • Effectively works with team to complete customer audit requests and manages scope

  • Assists the Sales department in the completion of customer questionnaires

  • Communicates with other business units to determine applicability and scope of questionnaires

  • Collaborates with Global Security and/or other internal business to collect supporting evidence

  • Facilitates customer audits, evidence gathering, finalizing responses, tracking remediation tasks, and audit close

  • Communicates gaps in processes/compliance requirements with control owners

Minimum Qualifications
  • Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree

  • At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools and enablers in a technology related industry and five (5) – seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required

  • Ability to demonstrate a strong understanding of various compliance and regulatory areas (e. g. GDPR, DFARS/NIST 800-171, CMMC, ISO27001, SSAE 18 SOC 2 Type 2) or the risk register, risk exposure, risk reporting and handling of risk events

  • Excellent written and verbal communication skills

  • Strong analytical and problem-solving skills

  • Work well with people from many different disciplines with varying degrees of technical experience

Preferred Qualifications
  • Information security related training or certifications such as CISA, CISSP, or CRISC

  • Experience performing information security audits or risk assessments

Did you know...

If you want to help us build knowledge and solve big problems, let's talk.