Title:  Governance, Risk and Compliance Analyst


Research Triangle Park, NC, US, 27709

Requisition ID:  49541
Job Summary

Job Title: GRC Analyst - Cloud Data Services 

The Cloud GRC Analyst is responsible for assessing the conformance of NetApp Cloud Service Offerings (CSOs) to authoritative standards for cloud security, compliance, and risk management. In collaboration with the Cloud Security & Compliance (CSC) Program Manager, this role is responsible for effectively managing and communicating risks and continuously improving the Confidentiality, Integrity, and Availability of NetApp CSOs. 

The position has the opportunity to influence and impact security and compliance actions across NetApp Business Units and must possess a high degree of integrity, sound judgment, and domain competency in the field of Governance, Risk, and Compliance (GRC). The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, with strong knowledge of cloud security industry best practices, cloud infrastructure technologies, and effective communication skills. 

Job Requirements

  • Assist NetApp Cloud Data Services (CDS) product teams to implement the NetApp Cloud Security & Compliance (CSC) Framework, common controls baseline, and best practices that continuously improve the Confidentiality, Integrity, and Availability of NetApp CSOs 

  • Perform gap analyses of NetApp CSOs against the CSC common controls baseline and assist with development and implementation of controls that mitigate gaps   

  • Maintain CSC Risk Register and help CDS product teams to: identify / assess risks to critical assets; evaluate the effectiveness of existing controls; and develop / implement Risk Treatment Plans (RTPs) that mitigate risk to acceptable levels 

  • Track and report on the CSC Roadmap, Key Performance Indicators (KPIs), Risk Treatment Plans (RTPs), and Corrective Action Plans (CAPs) related to internal / external assessments 

  • Assist with implementation of the CSC internal audit program and NetApp CSO conformance to CSC policies, procedures, and authoritative standards for cloud security (ISO/IEC 27001, SOC 2, FedRAMP)   

  • Effectively communicate with internal / external auditors and other stakeholders that influence the security and compliance posture of NetApp CSOs 

  • Maintain currency of CSC Framework policies and procedures and assist with stakeholder communication, training, and awareness  

  • Maintain industry currency in regulations, standards, and guidance for cloud security, compliance, and data privacy 


Preferred Qualifications 

  • Knowledge of the architectures and security capabilities of Microsoft Azure, Google Cloud, and Amazon Web Services (AWS) platforms 

  • Experience with Jira and Confluence 

  • Professional cloud security or project management certification (e.g., CCSK, CCSP, CRISC, PMP) 

  • Big Four consulting experience 

  • Active security clearance (Secret and above) within the last 12 - 18 months 

Education and Experience 

  • Bachelor’s degree or equivalent experience in a relevant discipline (Master’s preferred) 

  • 5+ years of experience in the IT field in a security leadership / influencer role related to IT audits, risk management, or system development 

  • Experience implementing cloud security and compliance standards, frameworks, and controls (ISO/IEC 27001, SOC 2, FedRAMP, NIST SP 800-53r4) for cloud service delivery models (IaaS, PaaS, SaaS)