Job Description
We are looking for risk management professionals who possess imagination, creativity, and vision which can be employed to build control processes and solutions that are tailored to the unique needs of our organization. You will build for the future by designing TS monitoring, testing, and risk management procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
Responsibilities:
- Build, lead and manage a small technology risk and compliance team
- Translate security and compliance requirements into projects and tasks, prioritize tickets, remove blockers, and track dependencies across multiple teams.
- Partner with existing programs to facilitate and project manage recurring programs including access control audits, application and network penetration tests, testing of disaster recovery, business continuity, and incident response plans, and annual policy review.
- Develop policy, procedure, and process to ensure that TS controls are compliant with regulations and policies in partnership with TS delivery teams.
- Partner with Internal Audit to execute annual TS Risk Assessment and drive subsequent risk response and mitigation plans.
- Define Sarbanes-Oxley (SOX) ITGC, ISO 27001, and other applicable compliance goals, and ensure that the methods and measurements needed to achieve them are put in place.
- Monitor activities of assigned TS areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews.
- Review, document and identify gaps in current TS processes while charting the path to remediation. You will work in close collaboration with our operational partners to drive gaps to closure and make meaningful and lasting changes to our processes.
- Serve as a point-of-contact for violations of regulations, policy, and procedures.
- Be the main point of contact for Technology Services and assist all internal and external audit teams wherever TS inquiry is required.
- Lead TS compliance certifications and represent TS in broader enterprise certifications.
- Partner with the GRC team to ensure execution of the required testing and auditing activities for the TS Department by internal and external parties, leading to successful certification of the company on an ongoing basis.
- Work collaboratively with Security, Compliance, and Legal teams to identify and manage privacy, data protection risks, and compliance requirements to help meet stakeholder expectations.
- Develop and maintain risk and compliance related policies and procedures.
- Draft responses to findings and memos for SOX and other audit and certification findings.
- Influence the culture of the Technology Services organization to embed a risk mindset into all processes.
Knowledge, Skills and Abilities
- Proven experience building and leading technology risk and compliance teams, partnering with internal audit and external auditors
- Excellent leadership and team management skills, with the ability to inspire and motivate teams.
- Expert knowledge of technology and cyber risks, and experience working and collaborating with cross-functional teams leading risk management and compliance programs.
- Familiarity with common frameworks and standards such as NIST, CIS, and ISO.
- Experience performing ISO 27001, NIST, SOX, or equivalent standards consulting, reviews and assessments.
- Knowledge and experience of key legal and regulatory compliance, e.g. SOX, FedRAMP, GDPR, CCPA.
- ServiceNow Integrated Risk Module or comparable experience.
- Excellent project and program management skills and experience.
- Demonstrated ability to lead and influence to gain consensus; experience partnering with executive and senior management.
- Ability to explain technical or complex issues and concerns in non-technical ways.
- Ability to deliver results while working with remote, virtual, and cross-functional teams without direct authority.
- Good presentation, meeting facilitation, negotiation, and conflict management skills.
- Exceptional analytical and problem-solving skills with attention to detail and accuracy.
- Capability to multi-task and be resourceful, able to adapt to changing requirements quickly while maintaining accountability.
- Ability to build strong, sustainable relationships with diverse internal and external partners at all levels.
Qualifications
- BS/BA degree in a risk, compliance, audit, or computer-related field; or equivalent industry experience.
- 10+ years related experience with a minimum of 8 years leading Governance, Risk, and Compliance or internal audit functions at technology-based companies or in technical domains.
- Certified as a risk professional; RIMS-CRMP, CRISC, CCSFP, or PMI-RMP qualification is preferred.
- Demonstrated knowledge of technology services and IT.
- Additional relevant certifications such as CISM, CISA, CCSFP, CIA, CISSP, PMP, or equivalent preferred.
Our Values
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
The annual base pay for this position is: $195,851.00 - $293,777.00