
Title:  Senior Governance, Risk and Compliance Analyst


Research Triangle Park, NC, US, 27709

Requisition ID:  28894


Are you data-driven?  We at NetApp believe in the transformative power of data – to expand customer touchpoints, to foster greater innovation, and to optimize operations.  We are designed for simplicity, optimized to protect, created to embrace future opportunity, and open to enrich choice.  We are the data authority for hybrid cloud, and we are helping our customers realize the full potential of their data.


We’ve built a Data Fabric for a data-driven world – to simplify and integrate data management across the resources that are best for the business.  With the Data Fabric, our customers can harness the power of cloud data services, build cloud infrastructures, and modernize storage through data management.

Job Summary

The Senior Governance, Risk and Compliance (GRC) Analyst position is technical and analytical in nature and calls for a fast learner with a history of technical and business experience. The ideal candidate will have strong organizational skills and the ability to manage a diverse workload in a fast-paced environment. Responsibilities may include ISO 27001:2013 certification management, information security (InfoSec) risk analytics, governance policy and standards drafting, risk remediation process implementation, NIST 800 compliance and framework management, disaster recovery program management, as well as other GRC subject matter expert related duties in support of the Enterprise Information Security (EIS) team. This role requires an ability to apply InfoSec risk management principles, partnering with diverse teams to provide guidance to business stakeholders across different functional business areas of the enterprise.


Duties and Responsibilities

  • Documentation review; drafting of policy, procedures and standards, certification and accreditation documents
  • Monitor compliance for regulatory requirements such as DFARS/NIST 800-171, NIST 800-53, NIST Cybersecurity Framework, ITAR, and other Federal regulations, including any new regulatory initiatives applicable to the business (e.g. GDPR)
  • Perform InfoSec risk and control assessments and report on risks and recommend mitigation strategies
  • Document and monitor InfoSec remediation and control improvements.
  • Collaborate with Incident Response, Vulnerability Management and Insider Threat teams to develop risk mitigation strategies for new and emerging risks
  • Build awareness and accountability around IT governance, risk, and compliance control functions
  • Articulate InfoSec risk into business terms while engaging with stakeholders
  • Serve as an EIS liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions)
  • Maintain the supplier risk management process to identify and mitigate the risk of third-party relationships
  • Develop and maintain disaster recovery management plans for critical IT applications and liaise with the business continuity analysts in support of the corporate resiliency program
  • Manage various projects, including effective project tracking, issue handling, and follow up
  • Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with position
  • Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff
  • Define and deliver appropriate EIS GRC metrics, analytics, and scorecards
  • Organize and lead EIS GRC-related meetings and prepare meeting agendas and minutes
  • Be team-oriented and promote execution and change through influence

Minimum Qualifications

  • Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field required; graduate degree in a security domain highly preferred.
  • At least four (4) years of specific experience with methodologies, activities, tools and enablers in a technology related industry that track to the roles and responsibilities listed and seven (7) – ten (10) years of total experience in business process analysis, project methodology and domain leadership required.
  • Possess industry-specific knowledge regarding security-related regulations and controls, such as Sarbanes-Oxley, Gramm-Leach-Bliley (GLB), data privacy, ISO 27001, FedRAMP, and NIST 800, as well as technical approach and best practice advice for practitioners
  • Excellent written and verbal communication skills.
  • Strong analytical and problem-solving skills.
  • Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment.
  • Ability to multi-task and prioritize tasks.
  • Ability to work well with people from many different disciplines with varying degrees of technical experience.
  • Ability to adapt to a dynamic, rapidly changing business and technical environment.
  • Ability to exercise good professional judgment.
  • Ability to maintain confidentiality.
  • Ability to oversee all aspects of projects and manage projects through the entirety of the life cycle
  • Ability to develop security standards and guidelines based on best practices and industry standards

Preferred Qualifications

  • InfoSec-related training or certifications such as CISSP, CISA, CRISC, CISM, or GIAC
  • Experience performing information security audits or risk assessments
  • Experience with security auditing processes
  • Experience with GRC automation software, ServiceNow, or other compliance and workflow tools


So get ready to tap into the data visionary within, and join us as we accelerate digital transformation and empower our customers to change the world with data!


If you ask a NetApp employee why they work here, the answer is inevitably the same: the people. At NetApp, our culture is at the heart of what we do. We place importance in trust, integrity, teamwork, and caring above all else. NetApp is a place where people are empowered to make a difference. Empowered to innovate. Empowered to collaborate. Empowered to help ourselves and others be data-driven and change the world. We take care of each other, our customers, our partners, and our communities simply because it’s the right thing to do.


We work hard but also recognize the importance of work-life balance for our employees because what’s important to them is important to us!  Recently we implemented Family First, which encourages employees to take paid time off to bond with a new child (through birth or adoption) or to care for a family member with a serious health condition.  Our volunteer time off program is best in class, offering employees 40 hours of paid time off per year to donate their time with their favorite organizations.  We provide comprehensive medical, dental, wellness and vision plans for you and your family.  We offer educational assistance, legal services, and access to discounts and fitness centers. We also offer financial savings programs to help you plan for your future.  


Join us and see what empowerment can do. 



Equal Opportunity Employer Minorities/Women/Vets/Disabled
