Security Risk And Compliance Analyst

Netapp Waltham , MA 02154

Posted 2 months ago

Apply

This Job is not relevant Tell us why

About NetApp

We're forward-thinking technology people with heart. We make our own rules, drive our own opportunities, and try to approach every challenge with fresh eyes.

Of course, we can't do it alone. We know when to ask for help, collaborate with others, and partner with smart people. We embrace diversity and openness because it's in our DNA.

We push limits and reward great ideas. What is your great idea?

"At NetApp, we fully embrace and advance a diverse, inclusive global workforce with a culture of belonging that leverages the backgrounds and perspectives of all employees, customers, partners, and communities to foster a higher performing organization." -George Kurian, CEO

CloudCheckr part of Spot by Netapp is a fast-paced, innovative cloud management software company who partners with some of the world's largest corporations and managed cloud services providers. We are looking for a high-energy, driven Security Risk and Compliance Analyst to join a rapidly growing industry leader in cloud management.

CloudCheckr team members are obsessed with our customer's success. We view the world from their perspective because, only then, can we empower and service them effectively.

Job Summary:
Our Security and Risk Compliance Analyst will be responsible for performing activities to ensure compliance with standards, reduce overall company security risk and support customer compliance information needs.

Job Duties:

Support the management Compliance frameworks (including FedRAMP, SOC 2)

Maintain Plan of Action and Milestones (POA&Ms) tracking for Federal compliance programs.

Maintain standard compliance documentation to support customer and compliance audits and assessments

Support the management of Third Party Security Risks

Help Coordinate Incident Response and Business Continuity Plans and testing

Support Compliance Audits and Assessments

Support regular auditing and reporting on security programs such as Vulnerability Management and Access Audits

Maintain metrics reporting for performance against compliance and security objectives

Provide regular compliance reporting

Maintain compliance tracking system content in Governance, Risk and Compliance (GRC) tools.

Support maintenance company standard Security Questionnaire

Support the completion Security Questionnaires for select larger potential customers

Provide input to the product in development of its compliance capabilities

Engage with external auditors & customer visits for Information Security and Compliance assessments

Performs other related duties as required & assigned

Expectations:

Act as a professional of high ethical standards

Work diligently to complete duties keeping in mind the objectives of the business

Drive innovation, service our employees, & treat everyone fairly & respectfully

Enable & embrace change

Qualifications:

Technical background - Understanding of network and system security technologies and practices. Cloud technologies preferred, especially AWS.

Information Security background - understand Information security risk and control concepts

Experience in NIST 800-53, SOC 2, FedRAMP or other compliance frameworks preferred.

Ability to communicate and interact with all levels of Management

Familiarity in Compliance as Code concepts preferred.

Ability to work with data centric frameworks for documenting and assessing security controls such as OSCAL preferred.

Familiarity with Governance, Risk and Compliance (GRC) tools preferred.

Compliance Certifications such as CIPP/E, CIPP/US, CRISC, CRMA, GRCP preferred

Excellent interpersonal skills & an ability to build strong relationships

Highly motivated, collaborative & possessing an entrepreneurial mindset

Strong written & verbal communication skills

Flexible, agile & open minded with a positive attitude

Ability to work under pressure, multi-task & adhere to deadlines

Ability to work well under moderate supervision

Did you know

Statistics show women apply to jobs only when they're 100% qualified. But no one is 100% qualified.

We encourage you to shift the trend and apply anyway! We look forward to hearing from you.

Why NetApp?

In a world full of generalists, NetApp is a specialist. No one knows how to elevate the world's biggest clouds like NetApp.

We are data-driven and empowered to innovate. Trust, integrity, and teamwork all combine to make a difference for our customers, partners, and communities.

We expect a healthy work-life balance. Our volunteer time off program is best in class, offering employees 40 hours of paid time off per year to volunteer with their favorite organizations.

We provide comprehensive medical, dental, wellness, and vision plans for you and your family. We offer educational assistance, legal services, and access to discounts. We also offer financial savings programs to help you plan for your future.

If you run toward knowledge and problem-solving, join us.

Colorado Residents Only: If the Company determines this role will be performed in Colorado, the starting salary for this position is (.9 compa*). This role could be eligible for comprehensive benefits including: Medical, Dental, Vision, Life, 401(K), Paid Time off (PTO), Company bonus, Employee stock purchase plan, and restricted stocks (RSU's) *. Final compensation will be dependent on various factors such as location, qualifications, certifications, relevant work experience and other factors, consistent with applicable law.

In accordance with NetApp's Policy, all U.S. employees of NetApp must be fully vaccinated against COVID-19 if they work at a Company location or remotely. If there is a reason preventing you from receiving the COVID-19 vaccination, you must request and be approved for one of the legally acceptable exemptions and reasonable accommodation must be established.

Show Full Description

See how you match
to the job

Upload my resume

Download the
LiveCareer app and find
your dream job anywhere

Similar Jobs

View All

Want to see jobs matched to your resume?
Upload One Now!

Senior Analyst Regulatory & Corporate Compliance Management

National Grid

Posted 2 weeks ago

VIEW JOBS As part of National Grid's continued commitment to safety, all new hires must be fully vaccinated against COVID-19. Anyone unable to be vaccinated, either because of a sincerely held religious belief or medical reason can request a reasonable accommodation. About us Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry. To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business National Grid is hiring a Senior Analyst of Regulatory and Corporate Compliance Management. The position is located in the Waltham, MA office. Job Purpose To support National Grid in achieving its strategic objectives by providing assurance over key controls and mitigating activities that the organization relies on to manage its regulatory compliance obligations. To plan, execute, and report on a wide varity of regulatory compliance obligations, test controls and manage remediation of regulatory compliance assurance findings. Support and execute against corporate compliance obligations, and support the operating rhythm around the Juridiction's corporate compliance obligations, including the planning, execution, and reporting on such obligations. Key Accountabilities * Execute and adhere to regulatory assurance processes, procedures, and frameworks. * Administer and support reporting mechanisms, KPIs, and resulting scorecards for effective regulatory compliance performance management (e.g., aggregation of local, functional, and regional performance). * Provide support, advice, and challenge to National Grid's First Line of Defense (the business) in the Three Lines of Defense approach. * Provide advice and training support on regulatory compliance management techniques and internal control design. * Execute risk-based controls testing, documention and reporting in line with good practice guidance. * Prepare and present comprehensive, clear, concise reports, maintaining objectivity and impartiality. * Manage and coordinate the timely execution of team projects, ensuring that activities, including testing plans, are properly focused on key obligations and delivering value to the business. * Manage remediation of Regulatory Compliance assurance findings. * Ensure Regulatory Compliance activities are delivered at a high standard and in compliance with international professional standards and good practice. * Proactively look for areas of improvement and provide value adding and insightful recommendations on process and controls improvements. * Communicate with Manager to avoid surprises, highlight issues and ensure timely delivery. * Leverage software/technology to support regulatory compliance management, controls testing work and assurance findings. Support the New England business in meeting corporate compliance obligations in a timely manager. * Manage and administer reporting mechanism, KPIs, and resulting scorecards for effective corporate compiance performance management. * Lead and report on corporate compliance matters to ensure (1) visibility into risks associated with achieving compliance with new requirements or sustaining compliance with existing requirements, (2) consistent application of procedures and processes, and (3) processes to identify continuous improvement opportunities. * Serve as, or support, the Lead Compliance Champion and Lead for key Corporate Compliance activities (e.g., Certificate of Assurance, Ethics & Compliance). * Manage the timely execution of team projects, ensuring that activities properly focused on key corporate obligations, delivering value to the business. Supervisory/Interpersonal- Experience Required * Ability to lead, motivate, counsel, coach, develop and influence others. * Ability to develop and maintain strong stakeholder relationships to become a trusted advisor. Qualifications * A Bachelor's degree in Business Administration, Accounting, Engineering or relevant field, with an advanced degree a plus. * 4+ years of relevant work experience, including Internal Audi, or SOx, with Big 4 or medium-sized consultancy or Internal Audit in a large company (preferably Energy/Utilities). * Strong communication skills, including interpersonal, written (documentation and reporting) and verbal skills. * Strong technical regulatory compliance management skills, understanding of internal controls frameworks, Three Lines of Defense model, and controls testings, as well as broader business acumen. * Strong planning, organizational, and project management skills. * Compliance programing experience and track record of success. Strong knowledge of the elements of an effective compliance program. * Ability to be flexible and agile to changing conditions. * Demonstrable commitment to integrity and ethical values. * Strong knowledge and understanding of regulatory compliance management prevailing practice, business processes, internal controls, and controls testing methodologies. * Technology experience, including data analytics (e.g., ACL) and visualization tools (e.g., Power BI) a plus. * Professional certification or equivalent in relevant area (e.g., Certified Internal Auditor, Certified Public Accountant, Certified Ethics and Compliance Professional - CCEP), or working towards qualification preferred. More Information This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience. National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise.  We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve.  National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.

Director Biovia Quality Compliance & Risk

3DS Dassault Systems

Posted 4 weeks ago

VIEW JOBS In this role, the Compliance & Risk Director ensures that BIOVIA life science software solutions meet the quality standards and regulatory requirements demanded by our world-class life science customers, in accordance with the 3DS BIOVIA Quality Management System (QMS). As a member of our Quality Compliance team, you will be responsible for maintaining and improving a scalable QMS system that supports the definition, development, testing, and release of software solutions deployed in regulated industries. Using industry experience to provide compliance guidance and oversight, the Compliance & Risk Director will manage expectations with customers regarding how BIOVIA's cloud software can support their compliance needs. Hosting customer audits, defining CAPAs, and representing BIOVIA in customer engagements and industry bodies related to quality and regulatory compliance are an important part of this role. Other key activities include project management, SDLC tools administration, data analysis, trend-reporting and conducting RCA identification and closure. Successful candidates will have experience in the life sciences industry authoring SOPs, managing a quality system, validating software, managing change control, and defending internal QMS practices to regulatory agencies such as FDA, MHRA, or EMA. Imagine New Horizons… BIOVIA, a Dassault Systèmes digital solutions brand, provides global collaborative product lifecycle experiences for organizations and industries that rely on scientific innovation for competitiveness. BIOVIA's leading scientific enterprise software solutions enable scientific innovation at the world's leading pharmaceutical, biotechnology, chemical, and petroleum companies. What will your role be? In this role, the Compliance & Risk Director ensures that BIOVIA life science software solutions meet the quality standards and regulatory requirements demanded by our world-class life science customers, in accordance with the 3DS BIOVIA Quality Management System (QMS). As a member of our Quality Compliance team, you will be responsible for maintaining and improving a scalable QMS system that supports the definition, development, testing, and release of software solutions deployed in regulated industries. Using industry experience to provide compliance guidance and oversight, the Compliance & Risk Director will manage expectations with customers regarding how BIOVIA's cloud software can support their compliance needs. Hosting customer audits, defining CAPAs, and representing BIOVIA in customer engagements and industry bodies related to quality and regulatory compliance are an important part of this role. Other key activities include project management, SDLC tools administration, data analysis, trend-reporting and conducting RCA identification and closure. Successful candidates will have experience in the life sciences industry authoring SOPs, managing a quality system, validating software, managing change control, and defending internal QMS practices to regulatory agencies such as FDA, MHRA, or EMA. Your Challenges Ahead * Provide strategic input into the compliance and security posture at the global corporate and brand levels supporting customers in the life sciences industry * Champion and influence process and tools improvements across brands and corporate * Develop, maintain, improve compliance processes; conduct management reviews on compliance status and risk * Conduct internal audits and release compliance reviews to ensure compliance with QMS processes, collaborating with peers and across functions. Includes developing audit plans, audit findings, and audit reports. * Manage external audits as assigned, including effective planning and execution, as well as responding to auditor questions. Includes official responses to audit findings * Manage internal and external audit findings and monitor corrective actions resulting from compliance reviews and audits to drive continual improvement and improve the effectiveness of BIOVIA QMS processes and controls * Manage CAPA program, creating CAPAs in collaboration with process owners, monitoring CAPA plans and closure activities. * Fulfill customer compliance requests and RFP questionnaires to customer satisfaction * Manage the GxP validation process, including planning, oversight, change management, compliance reviews, quality deliverable packaging for customer release within a continuous cloud delivery model * Represent BIOVIA R&D on compliance topics with external parties including customers, partners, and industry groups. * Provide consulting to R&D teams to improve compliance and risk and drive continual improvement * Promote compliance awareness and expectations and support training programs globally across BIOVIA R&D, Support, & Professional Services teams Your Key Success Factors? * Education: BS in life science, computer science or engineering related fields * 15+ years in quality compliance in software or life science industries including FDA/EMA regulated environments * Comprehensive knowledge of 21 CFR Part 11, Annex 11, cGLP and cGMP regulations and the ability to correctly interpret minimum standards relative to software is a must * Distill Industry regulations and customer compliance expectations into the relevant compliance needs for software providers (e.g., GxP for life sciences) * Strong understanding of GAMP 5 principles and CSV in a GXP context * Influenced, participated and presented in working groups and forums such as GAMP 5 * Strong people management skills * Experience working in a virtual cross-functional team environment is required * Ability to communicate effectively with leadership and individuals up, down and across the organization and at global locations * Strong leadership skills, including ability to lead change efforts through effective communication and persuasion * Experience supporting QMS and ISMS processes and familiarity with industry certification including ISO 9001 and ISO 27001 * Administrator experience with document management and SDLC tools such as QUMAS and JIRA/Confluence or similar * Understanding of software development methodologies and best practices, including the use of scaled agile (SAFe) and cloud continuous software delivery models within regulated software * Attentive to details; focused on accuracy and traceability in compliance reviews * Experience with risk management methodologies and best practices * Enjoy championing process improvement and automation efforts, working with cross functional teams * Certified Quality Auditor from ASQ is highly desirable

Compliance Specialist Capabilities

Mckinsey

Posted 1 week ago

VIEW JOBS You will be based in a McKinsey office in either North America or EMEA. You will join our compliance capabilities team and work with a variety of stakeholders within and outside of our function, such as legal, risk, finance, reach & engagement, and others. You will be part of McKinsey's compliance function, whose mission is to enable McKinsey's client impact and innovation, while managing compliance risks to the firm, our clients, and our people. The compliance function is a globally integrated team within the second line of defense of the firm risk model. As a core member of the compliance capabilities team, you will help us develop, enhance, and embed the core management system that cuts across the full breadth of our firm's compliance program and activities. You be responsible for driving workstreams in support of developing certain core capabilities, working with a variety of stakeholders on our policy governance and compliance learning and awareness efforts. You will assist in developing and maintaining our policy governance model or mechanisms, map our policies, procedures, standards and controls, and ensure any new or enhanced procedures, policies, or guidelines are consistent across the firm. Additionally, you will also be involved in our global learning and awareness efforts, driving specific engagement and education efforts that are clearly linked to our written policies and standards. You will identify gaps and develop potential solutions for key process or design choices. You will develop creative approaches for multifaceted issues to adapt and change behaviors across the firm in a collaborative manner. You will also develop outputs (e.g., playbooks, reports) in a concise and structured manner that is tailored appropriately for different audiences. * Undergraduate degree * 5+ years of relevant experience in risk/compliance programs, ideally with direct experience in enterprise risk management, policy governance, monitoring and response, risk culture, and/or risk/legal communications approaches * Familiarity with written policy governance management or risk/compliance learning and awareness is highly preferred * Familiarity with application and use of data analytics in a compliance function * Demonstrated ability to work across various levels of seniority while ensuring a balance between advising and tracking progress * Strong conceptual problem-solving capabilities and attention to detail to ensure high quality of work products * Ability to quickly grasp and own business processes and culture to effectively tailor working approach * Outstanding English written and oral communication skills, including clear and concise writing and editorial skills * Ability to work effectively in a fast-paced environment, with the ability to prioritize and balance competing, time-urgent demands and geographies * Advanced knowledge of Microsoft Office (PowerPoint, Excel, Word)

Apply