Sr Cyber Governance, Risk, and Compliance Analyst

At F5 we strive to bring a better digital world to life. Our teams empower organizations across the globe to create secure and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers and their customers better. And it means we prioritize a diverse F5 community where each individual can thrive.

Position Summary

A Governance Risk and Compliance (GRC) Senior Analyst is a Cybersecurity professional responsible for the maintenance and support of Cybersecuritys many programs (including risk management compliance and vulnerability management) that meets the parameters prescribed by the Office of the CISO for the organization.

Primary Responsibilities

An individual contributor in the Cybersecurity department that is chartered with supporting the companys Cybersecurity program. Responsible for assisting with management and monitoring the companys security risks security compliance guidelines and controls security awareness training vulnerability management and development / dissemination of best-practice standards policies and procedures. The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program.

• Responsible for upholding F5s Business Code of Ethics and for promptly reporting violations of the Code or other company policies.
• Assist with audit risk management and compliance program
  • Support and improve security risk management and control framework including Secure Software Development Lifecycle and Data Security Posture Management
  • Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise security risk assessments
  • Identify and communicate control gaps evaluate management remediation action plans and provide ongoing monitoring of resolution
  • Execute annual assessment program including customer and external compliance assessments (ISO 27001/17/18 IT SOX SOC 2 FedRAMP HIPPA and PCI-DSS) and required vulnerability assessment including remediation activities
  • Maintain awareness of external regulations and industry standards for new or modified requirements (FedRAMP GDPR PCI-DSS CCPA NIST 800-53 ISO 27001 etc.)
  • Perform assessments of supporting third parties to evaluate current security posture and monitor ongoing adherence to F5s information security requirements
• Assist with management of the security assessment program
  • Lead and improve supporting of security assessments including third-party security assessment and customer security questionnaires.
  • May assist with performing legal security reviews of contracts on request of Legal department.
  • May work with external vendors to perform assessments (i.e. pen testing assessments) as directed.
  • Develop knowledge pertaining to Threat Model Assessments
• Assist with management of the vulnerability management program
  • Review and analyze highly complex remediation of findings.
  • Monitor notify and/or assist with remediation steps for identified vulnerabilities.
  • Engage with stakeholders to address outstanding vulnerabilities.
  • May assist with reporting on status of program to Cybersecurity Leadership or other management teams.

• Performs other related duties as assigned.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

Knowledge Skills and Abilities

• Expert familiarity with systems and network infrastructure security technologies including application/OS hardening techniques network protocols network & application firewalls intrusion detection systems.
• Expert hands-on familiarity with security risk-assessment tools & techniques (vulnerability testing penetration testing social engineering etc)
• Excellent program/project management abilities.
• Recognizes that policies must be conceived and implemented in the context of a dynamic customer-oriented for-profit business environment
• Excellent written & verbal communications; superior interpersonal planning documentation organization and problem solving skills.
• Expert ability to act independently; interface with people at all levels in the company and take initiative to engage internal & external personnel/services to ensure effective & reliable systems.
• Proven initiative to engage internal & external personnel/services to ensure effective & reliable systems.
• Foreign language skills a plus
• Proven experience influencing a team to achieve positive results

Qualifications

• BS/BA or equivalent work experience in security related field
• 8 years of relevant work experience
• 6 years working experience as a security analyst or equivalent
• Industry relevant certifications such as CISSP CRISC CISA CISM CGEIT etc.
• Knowledge with common compliance frameworks like the CIS Critical Controls NIST SP800 ISO27001

Physical Demands and Work Environment:

• Duties are performed in a normal office environment while sitting at a desk or computer table and have the ability to work remotely.
• Duties require the ability to utilize a computer communicate over the telephone and read printed material.
• Duties may require being on call periodically and working outside normal working hours (evenings and weekends).
• Duties may require the ability to travel via automobile or airplane approximately 5% of the time spent traveling.

In addition we will need you to meet F5 customer and/or government security screening requirements for this role. The background investigation may review an applicants actions relationships and experiences going back 10 years.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

Our Values

At F5 we live and breathe our core values Excellence Integrity Collaboration Customer Dedication Profitable Growth Innovation Employee Success and Diversity. We help each other achieve our goals value the diversity of ideas different backgrounds can bring emphasize teamwork over rock-stars work hard and most of all have fun.

We offer work/life integration programs like Freedom to Flex dynamic employee inclusion groups paid maternity/paternity leave tuition assistance for professional development a comprehensive mentoring program rewards/recognition and so much more. At F5 we truly do help each other thrive and it shows: F5 has been named one of the Worlds Most Admired Companies by Fortune magazine for the past two years.

And this dedication to living our culture doesnt just exist within our offices; it extends into our communities through Global Good initiatives such as employee matching volunteer opportunities and the F5 Foundation. Our employees are passionate about making a difference in the world.

This is a once-in-a-lifetime opportunity to become part of a company thats on the forefront of transformation. And because we know that a more diverse F5 is a more powerful F5 were looking for smart passionate determined individuals to join us. If you make thoughtful decisions quickly obsess over your customers needs take ownership of your work (the mistakes as well as the successes) and embrace different perspectives by putting the human first then we want to talk to you.

F5 Inc. is an equal opportunity employer and strongly supports diversity in the workplace.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment.

LI-KT1

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge skills experience geographic locations and market conditions as well as to reflect F5s differing products industries and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation bonus restricted stock units and benefits. More details about F5s benefits can be found at the following link: F5 reserves the right to change or terminate any benefit plan without notice.

Please note that F5 only contacts candidates through F5 email address (ending with @) or auto email notification from Workday (ending with or @).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race religion color national origin sex sexual orientation gender identity or expression age sensory physical or mental disability marital status veteran or military status genetic information or any other classification protected by applicable local state or federal laws. This policy applies to all aspects of employment including but not limited to hiring job assignment compensation promotion benefits training discipline and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting .