Job Description

Join a team providing a leading-edge security solution to protect web and mobile services. The GRC analyst will support Shape’s security governance and compliance program. Emphasis will be on executing Shape’s internal governance program, managing technical remediation campaigns, performing key controls assessments and maintaining control framework documentation across the security program as needed. The individual will work with various functions throughout the enterprise to evaluate the design and efficiency of the control environment and maintain the security posture of the program.

Job duties and responsibilities

• Support and improve Shape’s information security governance, risk and control framework
• Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise risk assessments
• Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution through briefings to senior management
• Executive annual assessment program including customer and external compliance assessments (SOC 2, FedRAMP, and PCI-DSS) and required vulnerability assessment / penetration testing, including remediation activities
• Maintain awareness of external regulations and industry standards for new or modified requirements (GDPR, PCI-DSS, CCPA, NIST800-53, ISO27001, etc.)
• Perform assessments of supporting Shape third parties to evaluate current security posture and monitor ongoing adherence to Shapes information security requirements
• Use native GCP and AWS cloud services to automate and improve existing control activities.

Required knowledge, skills and abilities

• Bachelor's degree in business, information systems or computer science or equivalent experience
• 2-4 years’ experience in IT Risk Management / Information Security related work
• Familiarity in many technology areas across a broad spectrum including networks, infrastructure, cloud and mobile as well as the concepts of risk management, data compliance, information security strategy
• knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, business continuity, etc.
• Familiarity with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Benchmarks and NIST frameworks
• Effective communication skills and interpersonal skills enabling the ability to communicate complex information to various audiences both verbally and in writing
• Strong analytical skills needed to evaluate security requirements and translate them to appropriate security controls
• Industry relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc
• Experience with automating security monitoring functions using scripting.

Qualifications

• Bachelors degree and 2+ years of experience; or equivalent experience.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Phishing Alert

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Yello/Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability,marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws.This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. Reasonable accommodation is available for qualified individuals with disabilities, upon request.