Job Summary

NetApp’s Security Team is looking for a driven and detail-oriented GRC Analyst with a strong focus on compliance to help scale and mature our governance, risk, and compliance programs. In this role, you’ll be a key contributor to ensuring our organization meets regulatory, contractual, and internal security obligations across a range of compliance frameworks, including NIST 800-53, SOC 2, ISO 27001, GDPR, DORA, and others.

You will be responsible for supporting and enhancing core compliance activities such as control assessments, audit readiness, customer due diligence, and policy management, while actively driving process improvements and automation initiatives. You’ll work cross-functionally with product, security, legal, and customer-facing teams to ensure that our compliance posture not only meets standards but also enables trust, reduces risk, and supports business growth. This role is ideal for someone who is passionate about operationalizing compliance, thrives in a fast-paced environment, and is eager to drive impact-based results through thoughtful, customer-focused execution.

Duties and Responsibilities

• Own and manage the end-to-end process for completing customer security questionnaires, RFPs, and RFIs—working cross-functionally to ensure accurate, compelling, and timely responses.
• Contribute to the design and enhancement of customer-facing security product systems and documentation to support compliance transparency and trust.
• Support and optimize the implementation of SaaS-based GRC tools and compliance workflows to improve efficiency and scalability.
• Coordinate and help lead internal readiness activities for frameworks such as SOC 2, ISO 27001, GDPR, HIPAA, or NIST.
• Participate in or lead compliance-related customer escalations, ensuring timely communication and resolution while maintaining a customer-first mindset.
• Assist with internal and external audits, including evidence gathering, documentation review, and audit follow-up actions.
• Analyze compliance trends, risks, and gaps, and work with stakeholders to develop actionable remediation and improvement plans.
• Maintain and improve compliance policies, procedures, and control documentation in collaboration with security, legal, and product teams.
• Assist in reviewing customer/partner contracts for Information Security requirements
• Ensures all Security policy and procedures are documented and updated according to Global Security Standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up-to-date as defined by the Global Cybersecurity Governance program

Minimum Qualifications

• 2–4 years of experience in GRC, cybersecurity compliance, risk management, audit, or a related function.
• Demonstrated experience with compliance frameworks such as SOC 2, ISO 27001, GDPR, HIPAA, or others.
• Hands-on experience supporting SaaS-based security and compliance initiatives, preferably in a B2B or cloud-first environment.
• Strong understanding of customer trust requirements, including handling of security assessments, questionnaires, and third-party due diligence.
• Familiarity with GRC platforms (e.g., TrustCloud, SafeBase) or ticketing/project management tools (e.g., Jira, Asana, ServiceNow).
• An ability to translate technical or regulatory language into clear, business-relevant terms for internal and external audiences.

Key Soft Skills

• Results-driven: You focus on outcomes, not just tasks, and prioritize work that delivers business value and reduces risk.
• Effective communicator: Skilled in cross-functional collaboration and able to confidently engage with technical teams, legal, sales, and customers.
• Customer-focused: Understands how compliance supports trust and revenue; brings empathy and clarity to every interaction.
• Analytical and detail-oriented: Comfortable interpreting regulations, identifying risks, and developing solutions.
• Organized and self-directed: Manages multiple priorities with minimal supervision while maintaining high standards of accuracy and quality.
• Adaptable and curious: Thrives in fast-paced environments and seeks continuous improvement in systems and processes.

Education

• Bachelor’s degree in Cybersecurity, Information Systems, Legal Studies, Business Administration, or a related field.
• Professional certifications (e.g., CISA, CRISC, CCSK, ISO 27001 Lead Implementer) are a plus but not required.

Preferred Qualifications:

• Information security related training or certifications such as CISSP, CISA or CRISC
• Project management experience
• Experience performing information security audits or risk assessments
• Familiarity with security audit or risk management processes