F5
F5 application services ensure that applications are always secure and perform the way they should—in any environment and on any device.
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
Position Summary
We are seeking an experienced Risk and Compliance leader to join our team within the F5 Technology Services (TS) organization. As the Director leading Technology Risk & Compliance, you are responsible for building and leading a team that establishes and continuously develops the global TS risk management & compliance framework, deployment roadmap, risk monitoring/reporting, and risk & compliance assurance for the whole TS organization. You will facilitate effective decisions by defining, maintaining, communicating, and promoting TS risk & compliance frameworks and control management within the TS organization at all levels and by collaborating with all audit and risk organizations across the enterprise.
We are looking for risk management professionals who possess imagination, creativity, and vision which can be employed to build control processes and solutions that are tailored to the unique needs of our organization. You will build for the future by designing TS monitoring, testing, and risk management procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
Primary Responsibilities:
- Build, lead and manage a small technology risk and compliance team.
- Translate security and compliance requirements into projects and tasks, prioritize tickets, remove blockers, and track dependencies across multiple teams.
- Partner with existing programs to facilitate and project manage recurring programs including access control audits, application and network penetration tests, testing of disaster recovery, business continuity, and incident response plans, and annual policy review.
- Develop policy, procedure, and process to ensure that TS controls are compliant with regulations and policies in partnership with TS delivery teams.
- Partner with Internal Audit to execute annual TS Risk Assessment and drive subsequent risk response and mitigation plans.
- Define Sarbanes-Oxley (SOX) ITGC, ISO 27001, and other applicable compliance goals and ensure that methods and measurements are put in place to execute.
- Monitor activities of assigned TS areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews.
- Review, document and identify gaps in current TS processes while charting the path to remediation. You will work in close collaboration with our operational partners to drive gaps to closure and make meaningful and lasting changes to our processes.
- Serve as a point-of-contact for violations of regulations, policy, and procedures.
- Be the main point of contact for Technology Services and assist all internal and external audit teams where TS inquiry is required.
- Lead TS compliance certifications and represent TS in broader enterprise certifications.
- Partner with GRC team to ensure execution of required testing and auditing activities for the TS Department by internal and external parties leading to successful certification of the company on an ongoing basis.
- Work collaboratively with Security, Compliance, and Legal teams to identify and manage privacy, data protection risks, and compliance requirements to help meet stakeholder expectations.
- Develop and maintain risk and compliance related policies and procedures.
- Draft responses to findings and memos for SOX and other audit and certification findings.
- Influence the culture of the Technology Services organization to embed a risk mindset into all processes.
Knowledge, Skills and Abilities:
- Proven experience building and leading technology risk and compliance teams, partnering with internal audit and external auditors.
- Excellent leadership and team management skills, with the ability to inspire and motivate teams.
- Expert knowledge of technology and cyber risks and experience in working and collaborating with cross functional teams leading risk management and compliance programs.
- Common frameworks and standards such as NIST, CIS, ISO.
- Experience performing ISO 27001, NIST, SOX, or equivalent standards consulting, reviews and assessments.
- Knowledge and experience of key legal and regulatory compliance, e.g. SOX, FedRAMP, GDPR, CCPA.
- ServiceNow Integrated Risk Module or comparable experience.
- Excellent project and program management skills and experience.
- Demonstrated ability to lead and influence to gain consensus; experience in partnering with executive and senior management.
- Ability to explain technical or complex issues and concerns in non-technical ways.
- Ability to deliver results while working with remote, virtual, and cross-functional teams without direct authority.
- Good presentation, meeting facilitation, negotiation, and conflict management skills.
- Exceptional analytical and problem-solving skills with attention to detail and accuracy.
- Capability to multi-task and be resourceful, able to adapt to changing requirements quickly while maintaining accountability.
- Ability to build strong, sustainable relationships with diverse internal and external partners at all levels.
Qualifications:
- BS/BA degree in a risk, compliance, audit, or computer related field; or equivalent industry experience.
- 10+ years related experience with a minimum of 8 years leading Governance, Risk, and Compliance or internal audit functions at technology-based companies or in technical domains.
- Certified as a risk professional; RIMS-CRMP, CRISC, CCSFP, or PMI-RMP qualification is preferred.
- Demonstrated knowledge of technology services and IT.
- Additional relevant certifications such as CISM, CISA, CCSFP, CIA, CISSP, PMP, or equivalent preferred.
Our Values:
At F5, we live and breathe our core values: Excellence, Integrity, Collaboration, Customer Dedication, Profitable Growth, Innovation, Employee Success, and Diversity. We help each other achieve our goals, value the diversity of ideas different backgrounds can bring, emphasize teamwork over rock-stars, work hard and, most of all, have fun.
We offer work/life integration programs like Freedom to Flex, dynamic employee inclusion groups, paid maternity/paternity leave, tuition assistance for professional development, a comprehensive mentoring program, rewards/recognition, and so much more. At F5, we truly do help each other thrive and it shows: F5 has been named one of the “World’s Most Admired Companies” by Fortune magazine for the past two years.
This is a once-in-a-lifetime opportunity to become part of a company that’s on the forefront of transformation. And because we know that a more diverse F5 is a more powerful F5, we’re looking for smart, passionate, determined individuals to join us. If you make thoughtful decisions quickly, obsess over your customers’ needs, take ownership of your work (the mistakes as well as the successes), and embrace different perspectives by putting the human first, then we want to talk to you.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Phishing Alert: Please note that F5 only contacts candidates through an F5 email address (ending with @f5.com) or automated email notifications from Yello/Workday (ending with f5.com or @myworkday.com).