Title:  Technical Program Manager - Cloud Security / Governance, Risk & Compliance

About NetApp

We’re forward-thinking technology people with heart. We make our own rules, drive our own opportunities, and try to approach every challenge with fresh eyes. Of course, we can’t do it alone. 

We know when to ask for help, collaborate with others, and partner with smart people. 

We embrace diversity and openness because it’s in our DNA. We push limits and reward great ideas. What is your great idea?

About the Role

As a GRC TPM in the Cloud business, you will join a growing Security & Compliance team within NetApp’s fastest-growing business - https://cloud.netapp.com/.

The role is to design, implement, and assess security controls from a technical lens.

If you are passionate about doing Security & Compliance at the cloud scale in an innovative and automated (compliance-as-a-code) way – this role is for you.

The position can influence and impact security, compliance, and assurance efforts across teams, products, and functions within the company. 

For the right candidate, the role will be shaped and scoped based on your strengths. We are looking at a broad set of skills. Let’s chat.

Responsibilities

• Drive compliance with a technical lens.
• Design, implement, maintain, and improve compliance programs to address key risks and prepare product teams for assessments against various regulatory and compliance frameworks (ISO/IEC 27001, SOC2, PCI, NIST, FedRamp, etc.)
• Partner with Engineering, SRE, Product, Cloud Security, Legal, Privacy, and Corporate Security teams to collaborate on pragmatic solutions to security risks and compliance issues.
• Assist with improving internal policies, processes, and overall security governance.
• Drive automation and assist with the adoption of GRC tooling within business.
• Perform technical gap assessments and risk assessments.
• Facilitate control monitoring activities.
• Closely work with the Cloud Security team on initiatives and any risks impacting your area of responsibility.
• Identify opportunities that create a positive impact on our activities and achieve efficiencies.
• Maintain and optimize security compliance monitoring and alerting systems and advise control owners on system policy violations.

Job Requirements

• 5+ years of experience in building and maintaining security risk & compliance programs.
• Experience in implementing technical security controls and assessing compliance standards (ISO/IEC 27001, SOC2, PCI, NIST, FedRamp, etc.) over infrastructure, applications, and Development and Cloud Engineering processes.
• Ability to assess security risks in a cloud environment
• Strong understanding of technical concepts relevant to cloud computing environments: virtual infrastructure (cloud resources on AWS/Azure, Kubernetes technology, and containers), logical access control, DevOps development process, secure coding principles, CI/CD processes, logging & monitoring, incident response, cryptography, network security, and privacy, etc.
• Familiarity with native security and compliance capabilities within cloud providers and technologies/processes around SIEM, vulnerability scanning, cloud security configuration, endpoint detection & response tools, and other infrastructure security tools
• Excellent writing and communication skills with attention to detail
• Strong project management and organizational skills - must be able to drive your own projects to completion.
• Ability to work in a fast-paced and sometimes unorganized environment with multiple teams A big plus if you have any of these
• Similar experience within a SaaS product company or Big4 auditing/consulting experience with a strong focus on Security advisory
• Experience with FedRamp 

Education

• Bachelors or Master of Engineering – preferably in Computers or IT.
• Professional certifications/ education in Security/Compliance - AWS certifications, CISA, CISSP, CCSK, CIPP, or similar ISO 27001