Title: Global Security Compliance Lead
Cork, Munster, IE, T12 H682
Job Summary
The Global Security Compliance Lead is a key role in ensuring compliance with CRA and NIS2 regulations within Business Units across NetApp. The Compliance Lead will be responsible for partnering with NetApp Business Units and the SDL team to communicate, verify, and track internal compliance with NetApp policies and standards, industry standard requirements, external certification controls, and customer-expected controls. The Compliance Lead will support creating/reviewing documentation, reporting, developing compliance controls, and identifying risks in a system of record.
Job Requirements
• Lead and facilitate control testing discussions related to CRA and NIS2 regulations with senior leaders and communicate status to leaders.
• Work with SDL teams to ensure regulatory compliance through education, training, and control creation.
• Create, review, map, and update cybersecurity controls based on CRA, NIS2, industry standards, and customer expectations.
• Assist the Sales department in the completion of customer questionnaires related to CRA and NIS2 compliance.
• Communicate with other business units and peers to determine appropriate scope and test control statements.
• Collaborate with internal business units and the SDL team to provide evidence and/or information for internal and external audits.
• Collaborate with Global Security and/or other internal business units to collect supporting evidence.
• Identify, plan, track, and coordinate risk remediation according to internal risk frameworks.
• Communicate gaps in processes/compliance requirements with the Global Cybersecurity Assurance Team as necessary.
• Assist in reviewing customer/partner contracts for Information Security requirements related to CRA and NIS2.
• Ensure all Security policies and procedures are documented and updated according to Global Security Standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository/system of record up-to-date as defined by the Global Cybersecurity Governance program.
• Lead and support industry and customer audits to ensure compliance with CRA, NIS2, and other relevant regulations.
• Prepare and present audit findings to senior management and stakeholders, providing recommendations for improvements.
• Monitor and track audit remediation efforts to ensure timely and effective resolution of identified issues.
Education
• Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree.
Minimum Qualifications
• At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools, and enablers in a technology-related industry and five (5) – seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required.
• Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g., CRA, NIS2, GDPR, DFARS/NIST 800-53, ISO 27001, and SOC 2).
• Experience with cloud hyperscalers (i.e., Amazon, Google, Azure) and compliance requirements in the cloud.
• Excellent written and verbal communication skills.
• Strong analytical and problem-solving skills.
• The ability to work well with people from many different disciplines with varying degrees of technical experience.
• The ability to adapt to a dynamic, rapidly changing business and technical environment.
Preferred Qualifications
• Information security-related training or certifications such as CISSP, CISA, or CRISC.
• Project management experience.
• Experience performing information security audits or risk assessments.
• Familiarity with security audit or risk management processes.