Governance, Risk

Come work at a place where innovation and teamwork come together to support the most exciting missions in the worldBut our success isn’t driven solely by what we do. We also care deeply about how we do it. At F5, our culture is how we live, every single day. And it’s producing extraordinary results—not only for our customers but also for our employees. We understand that your life is about more than just work, so we’re committed to a culture that supports your whole life. We offer work/life integration programs like Freedom to Flex, dynamic employee inclusion groups, paid maternity/paternity leave, tuition assistance for professional development, a comprehensive mentoring program, rewards/recognition, and so much more. At F5, we truly do help each other thrive.**Position Summary**F5 is looking for a GRC Analyst to join our Information Security team. This is an opportunity to support enterprise compliance programs such as SOX and ISO 27001. This role will support a team with a mission to advance compliance efficiencies by leveraging technologies like ServiceNow GRC.The GRC Analyst is responsible for the creation and maintenance of control objectives primarily in the areas of IT SOX and ISO 27001. This position will support the GRC Program Manager and other leads with ensuring that control objectives are in compliance and running efficiently. The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program.**Responsibilities**:- Support and improve F5’s information security, risk management, and control framework- Identify, align, and aggregate risk inputs from various sources across the enterprise- Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution through briefings to management- Support the enhancement of risk and compliance dashboards- Support the annual assessment program including customer, internal and external compliance assessments (IT SOX, ISO 27001) and required vulnerability assessment, including remediation activities- Identify industry trends, emerging risks, and external audit guidance to enhance the risk and control library- Assist with the creation and implementation of control objectives and integration into ServiceNow GRC- Assist with the successful completion of scheduled audit tasks (such as quarterly user access reviews) assigned to control owners in ServiceNow GRC- Perform assessments of supporting third parties to evaluate current security posture and monitor ongoing adherence to F5’s information security requirements- Collaborate with Internal Audit in developing, testing, and devising solutions to effectively meet applicable control objectives- Assist in other areas of the department and company as necessary**Knowledge, Skills and Abilities**:- Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing. Fluency and proficiency in English- Strong analytical skills, enabling the ability to evaluate security requirements and translate them to appropriate security controls- Strong interpersonal skills with proven ability to develop and maintain effective business partner relationships- Familiarity in technology areas across a broad-spectrum including networks, infrastructure, cloud security as well as the concepts of risk management, data compliance, information security strategy, DevSecOps- Fundamental knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, business continuity / disaster recovery, etc.**Qualifications**:- Bachelor’s Degree from an accredited university- 2+ years of information technology experience working at a multinational company related to IT Risk Management and Information Security- Experience working with or implementing security and compliance standards, frameworks, and controls (ISO 27001, SOC 2, FedRAMP, NIST 800-53r5)- Preferred industry certifications: CISA, CISSP, CRISC, CISM, CGEIT- Experience with ServiceNow GRC is a plus**Physical Demands and Work Environment**:- Duties are performed in a normal office environment while sitting at a desk or computer table and have the ability to work remotely.- Duties require the ability to utilize a computer, communicate over the telephone, and read printed material.- Duties may require being on call periodically and working outside normal working hours (evenings and weekends).- Duties may require the ability to travel via automobile or airplane, approximately 5% of the time spent traveling.**In addition, we will need you to meet F5, customer, and/or government security screening requirements for this role. The background investigation may review an applicant’s actions, relationships, and ex