At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.Position SummaryA Senior Governance, Risk and Compliance (GRC) is a Cybersecurity professional responsible for the maintenance and support of Cybersecuritys many programs (including risk management, compliance, vulnerability management and security awareness training) that meets the parameters prescribed by the Office of the CISO for the organization.Primary ResponsibilitiesAn individual contributor in the Cybersecurity department that is chartered with supporting the companys Cybersecurity program, with special focus on controls and policies intended to meet Federal Regulatory and FedRAMP requirements. Responsible for assisting with management and monitoring the companys security risks, security compliance guidelines and controls, security awareness training, vulnerability management and development / dissemination of best-practice standards, policies and procedures. The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program.Responsible for upholding F5s Business Code of Ethics and for promptly reporting violations of the Code or other company policies.Provide daily support to security-related, services, including security assessments and the information security management systems program.
Lead as escalation point for support requests related to Information Security Programs, including FedRAMP program
Document procedures for specific Federal regulatory and FedRAMP requirements
Lead security assessments, including external security assessment and customer security questionnaires
Review security bulletins and related news; staying apprised of current threats and trends
Assist with audit, risk management, and compliance program
Support and improve security, risk management, and control framework
Monitor internal compliance against information security governance frameworks, including FedRAMP by conducting routine testing and internal control reviews as well as enterprise security risk assessments
Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution
Maintain awareness of external regulations and industry standards for new or modified requirements (NIST 800-53, ISO 27001/2017/2018, GDPR, PCI-DSS, SOC-2, FedRAMP etc.)
Perform assessments of supporting third parties to evaluate current security posture and monitor ongoing adherence to F5s information security requirements
Assist with management of the security assessment programLead and improve supporting of security assessments, including third-party security assessment and customer security questionnaires.May assist with performing legal security reviews of contracts on request of Legal department.May work with external vendors to perform assessments (i.e., pen testing, assessments) as directed.Develop knowledge pertaining to Threat Model AssessmentsMay work with Legal and/or Priv