Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Join a team providing a leading-edge security solution to protect web and mobile services. The ARC analyst will support the Security Product Group's audit, risk management, and compliance program. Emphasis will be on executing SPG’s risk management program, managing remediation and mitigation campaigns, performing key control activities and assessments and maintaining control framework documentation across the security program as needed. The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program.
Job duties and responsibilities
- Support and improve SPG’s information security, risk management, and control framework
- Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise risk assessments
- Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution through briefings to senior management
- Execute the annual assessment program, including customer and external compliance assessments (SOC 2, FedRAMP, and PCI-DSS) and required vulnerability assessments, including remediation activities
- Maintain awareness of external regulations and industry standards for new or modified requirements (GDPR, PCI-DSS, CCPA, NIST 800-53, ISO 27001, etc.)
- Perform assessments of supporting third parties to evaluate current security posture and monitor ongoing adherence to F5's information security requirements
REQUIRED KNOWLEDGE, SKILLS AND ABILITIES
- Bachelor's degree in business, information systems or computer science or equivalent experience
- 2-4 years’ experience in IT Risk Management / Information Security related work
- Familiarity with many technology areas across a broad spectrum, including networks, infrastructure, and cloud security, as well as the concepts of risk management, data compliance, and information security strategy
- Solid knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, business continuity, etc.
- Familiarity with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Benchmarks and NIST frameworks
- Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing
- Strong analytical skills, enabling the ability to evaluate security requirements and translate them to appropriate security controls
BONUS KNOWLEDGE, SKILLS AND ABILITIES
- Industry-relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through an F5 email address (ending with @f5.com) or an auto email notification from Yello/Workday (ending with f5.com or @myworkday.com).