Company: NetApp

Address: North Carolina, United States

Category: Information Technology

Job description

About NetApp

 

We’re forward-thinking technology people with heart. We make our own rules, drive our own opportunities, and try to approach every challenge with fresh eyes. Of course, we can’t do it alone. We know when to ask for help, collaborate with others, and partner with smart people. We embrace diversity and openness because it’s in our DNA. We push limits and reward great ideas. What is your great idea?

"At NetApp, we fully embrace and advance a diverse, inclusive global workforce with a culture of belonging that leverages the backgrounds and perspectives of all employees, customers, partners, and communities to foster a higher performing organization." -George Kurian, CEO

Job Summary

As a Cloud GRC Technical Program Manager in the Cloud business, you will join a growing Security & Compliance team within NetApp’s fastest-growing business - https://cloud.netapp.com/. The role is to design, implement, and assess security controls from a Technical Program Manager (TPM) technical lens.

If you are passionate about doing Security & Compliance at cloud scale in an innovative and automated (compliance-as-a-code) way – this role is for you. The position can influence and impact security, compliance, and assurance efforts across teams, products, and functions within the company.

For the right candidate, the role will be shaped and scoped based on your strengths. We are looking at a broad set of skills. Let’s chat!

 

Key Responsibilities

  • Drive compliance with a technical lens and not just as a check in the box.
  • Design, implement, maintain, and improve compliance programs to address key risks and prepare product teams for assessments against a wide variety of regulatory and compliance frameworks (ISO/IEC 27001, SOC2, PCI, NIST, FedRAMP, etc.).
  • Partner with Engineering, SRE, Product, Cloud Security, Legal, Privacy, and Corporate Security teams to collaborate on our mission and propose pragmatic solutions for the timely resolution of risk and compliance issues.
  • Assist with improving internal policies and internal processes, and contribute to a common controls framework and overall security governance.
  • Drive automation and assist with the adoption of GRC tooling within the business.
  • Perform technical gap assessments and risk assessments, and facilitate control monitoring activities.
  • Closely work with the Cloud Security team on initiatives and any risks impacting your area of responsibility.
  • Identify opportunities that create a positive impact on our activities and achieve efficiencies.
  • Maintain and optimize security compliance monitoring and alerting systems and advise control owners on system policy violations.

Job Requirements

You’d ideally be someone who can look at an infrastructure deployment or application environment and a team’s development and infrastructure processes, identify the key risk areas from a security & compliance perspective, understand the data flow, review the technical controls and identify gaps, provide pragmatic recommendations, and influence the remediation efforts.

  • 5 years of experience in building and maintaining security risk & compliance programs
  • Experience in implementing technical security controls and assessing compliance standards (ISO/IEC 27001, SOC2, PCI, NIST, FedRAMP, etc.) over infrastructure, applications, and Development and Cloud Engineering processes.
  • Strong understanding of infrastructure (cloud resources on AWS/Azure, Kubernetes technology, and containers) and understanding of how applications are deployed.
  • Familiarity with native security and compliance capabilities within cloud providers and technologies/processes around SIEM, vulnerability scanning, cloud security configuration, endpoint detection & response tools, and other infrastructure security tools.
  • Excellent writing and communication skills - attention to detail along with good program management skills.
  • Ability to work in a fast-paced and sometimes unorganized environment with multiple teams

A big plus if you have any of these...

  • Similar experience within a product company (preferably Cloud) or Big4 auditing/consulting experience with a strong focus on Security advisory
  • Experience/Understanding of technical concepts relevant to cloud computing environments i.e., authentication and authorization mechanisms, CI/CD pipelines, Secure development practices, container security, infrastructure security and monitoring, incident response, secure architectures, and privacy, etc.
  • Experience with FedRAMP

Education

  • Bachelor's or Master of Engineering – preferably in Computers or IT.
  • Professional certifications/ education in Security/Compliance - AWS certifications, CISA, CISSP, CCSK, CIPP, or similar ISO 27001  
     

Equal Opportunity Employer:

NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.

 

USA Residents Only:

The base salary hiring wage range for this position, which the Company reasonably and in good faith expects to pay for the position in the specified geographic areas or locations, is $122,490 - $152,218. Final compensation will be dependent on various factors relevant to the position and candidate such as geographical location, candidate qualifications, certifications, relevant job-related work experience, education, skillset and other relevant business and organizational factors, consistent with applicable law. In addition, the position may include some of the following comprehensive benefits, such as Medical, Dental, Vision, Life, 401(K), Paid Time off (PTO), sick time, leave of absence as per the FMLA and other relevant leave laws, Company bonus/commission, employee stock purchase plan, and/or restricted stocks (RSUs).

Benefits

Career development, Health care, Medical leave, Salary bonus, Team events
Refer code: 8278501. Netapp - The previous day - 2024-02-21 11:37
