About the position: 

Based in St. Louis, this role is a member of the Global Information Security (GIS) team which has oversight and operational responsibilities for the Information security of Netskope. The Information Security Manager, Governance Risk and Compliance (GRC) will be a key member and manager of the GRC team responsible for collaborating with the business on GRC activities, administering GRC solutions, managing external and internal auditing activities, managing the Cyber Risk Management Program including third party vendor risk management and ensuring compliance objectives are being achieved across the organization. 

Responsibilities:

• Responsible for managerial responsibilities such as staffing, performance assessment, career path planning, training, and coaching/mentoring for all GRC team members
• Evaluating design and operating effectiveness of controls
• Ability to monitor, measure and test core business processes against internal policies and procedures
• Validating test procedures against controls, issue identification, root cause analysis and impact assessment
• Documenting results following compliance framework to arrive to conclusions
• Deliver value and insights by providing recommendations/improvements around processes and/or controls to business partners
• Effectively communicate and report out on plans, status, issues, risks, and requirements to all levels of stakeholders
• Develop and manage Metrics and Measures Programs
• Provides training, and coaching for Analysts, Engineers, and business partners
• Keep up-to-date on industry and regulatory changes
• Assist in conducting enterprise-wide, ongoing risk analysis in tandem with compliance and internal audit.
• Assist in the development and management of the Cyber Risk Management Program and performing supporting tasks
• Support Customer risk assessments, audits, and evidence collection.
• Contributes to security procedures and requirements documentation 
• Assists in development and maintenance of Information Security control mappings to defined frameworks

Requirements:

• 7+ years in an information security GRC role testing, monitoring, assurance within compliance, audit and operations with at least 
• 3+ years in a management or team lead role
• Strong people skills, including the ability to partner effectively and influence change with stakeholders across the organization
• Strong knowledge of information security governance, risk, and IT Controls compliance program
• Strong understanding of cybersecurity, networking, system and cloud technologies
• Strong experience with testing and monitoring manual and automated controls
• Experience with conducting risk assessment and knowledge of current industry good practice for risk assessment methodologies and tools,( e.g., FEDRAMP, NIST, ISO)
• Should possess relevant technical/professional qualifications/certification such as CISSP, CISM, CISA or ISO 27001 Lead Auditor/Implementer equivalent.
• US Citizen 

Desired Skills:

• Experience in performing risk assessments.
• Experience in third party (vendor) risk management
• Knowledge and experience in managing GRC tools.
• Highly analytical with the ability to present your analysis
• Strong written and verbal communication
• Experience in maintaining metrics and measures.
• Experience in supporting customer audits
• Experience working with software engineering teams in an agile/dynamic environment
• General understanding of meeting multiple/global compliance frameworks such as ISO 27001, FedRAMP, SSAE-18 SOC2, CSA STAR, Security Control Framework, HIPAA, PCI-DSS, etc. 

Education: 

Bachelor degree preferred.

#LI-AW2