Title: GRC Analyst - Compliance

Location:

NC, US

Requisition ID: 130845

Job Summary

The GRC Compliance Analyst will facilitate the completion of industry, regulatory, and customer audit requests to accurately reflect NetApp’s security and compliance posture to current and potential customers. The analyst will work with the overall Global Security Team and internal business units to understand our security and continuity posture, collect supporting evidence, identify gaps in expectations/capabilities, and drafts externally facing responses.

Job Requirements

• Facilitates ISO27001, SOC 2 Type II, and customer audits
• Assists the Sales department in the completion of RFIs, RFPs, and customer security questionnaires
• Communicates with other business units to determine applicability and scope of questionnaires
• Assists with the build, implementation and maintenance of Global Security’s external compliance product/SaaS tool including AI upgrades, documentation, and daily management
• Collaborates with Global Security and/or other internal business to collect supporting evidence
• Facilitate customer audits, evidence gathering, finalizing responses, tracking remediation tasks, and audit close
• Communicates gaps in processes/compliance requirements with Global Security Risk Team as necessary
• Assists in reviewing customer/partner contracts for Information Security requirements
• Collaborates with internal business units to provide evidence and/or information for internal and external audits
• Ensures all Security policy and procedures are documented and updated according to Global Security standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up to date as defined by the Global Security Governance program

Education

• Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree.
• At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools and enablers in a technology related industry and five (5) –seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required.
• Ability to demonstrate a strong understanding of various compliance and regulatory areas (e. g. GDPR, SOC 2, DORA, ISO27001)
• Excellent written and verbal communication skills.
• Strong analytical and problem-solving skills.
• Ability to work both independently and as part of a team to deliver quality work products in a timely fashion in a fast-paced environment.

Compensation:
The target salary range for this position is 124,950 - 185,900 USD. The salary offered will be determined by the candidate's location, qualifications, experience, and education and may be outside of this range. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stocks (RSU’s), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.