Director, Technology Risk & Compliance

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Job Description

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about security, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Life at F5 is never dull. We are constantly identifying industry trends and disruptions, then innovating to get ahead of future customer needs—creating application services that help the world’s leading organizations deliver their critical business apps faster and with the highest levels of flexibility, security, performance, and support.

Our success isn’t driven solely by what we do. We also care deeply about how we do it. At F5, our culture is how we live, every single day. And it’s producing outstanding results—not only for our customers, but also for our employees. We understand that your life is about more than just work, so we’re committed to a culture that supports your whole life.

Position Summary

We are seeking an experienced Risk and Compliance leader to join our team within the F5 Technology Services (TS) organization. As the Director leading Technology Risk & Compliance, you are responsible for building and leading a team establishing and continuously developing the global TS risk management & compliance framework, deployment roadmap, risk monitoring/reporting, and risk & compliance assurance for the whole TS organization. You will facilitate effective decisions by defining, maintaining, communicating, and promoting TS risks & compliance frameworks and control management within TS organization at all levels and collaborating with all audit and risk organizations across the enterprise.

We are looking for risk management professionals who possess imagination, creativity, and vision which can be employed to build control processes and solutions that are tailored to the unique needs of our organization. You will build for the future by designing TS monitoring, testing, and risk management procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.

Primary Responsibilities:

• Build, lead and manage a small technology risk and compliance team
• Translate security and compliance requirements into projects and tasks, prioritize tickets, remove blockers, and track dependencies across multiple teams.
• Partner with existing programs to facilitate and project manage recurring programs including access control audits, application and network penetration tests, testing of disaster recovery, business continuity, and incident response plans, and annual policy review.
• Develop policy, procedure, and process to ensure that TS controls are compliant with regulations and policies in partnership with TS delivery teams.
• Partner with Internal Audit to execute annual TS Risk Assessment and drive subsequent risk response and mitigation plans.
• Define Sarbanes-Oxley (SOX) ITGC, ISO 27001, and other applicable compliance goals and ensure that methods and measurements are put in place to execute.
• Monitor activities of assigned TS areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews.
• Review, document and identify gaps in current TS processes while charting the path to remediation. You will work in close collaboration with our operational partners to drive gaps to closure and make meaningful and lasting changes to our processes.
• Serve as a point-of-contact for violations of regulations, policy, and procedures.
• Be the main point of contact for Technology Services and assist on all internal and external audit teams where TS inquiry is required.
• Lead TS compliance certifications and represent TS in broader enterprise certifications.
• Partner with GRC team to ensure execution of required testing and auditing activities for the TS Department by internal and external parties leading to successful certification of the company on an ongoing basis.
• Work collaboratively with Security, Compliance, and Legal teams to identify and manage privacy, data protection risks, and compliance requirements to help meet stakeholder expectations.
• Responsibility to develop and maintain risk and compliance related policies and procedures.
• Drafting responses to findings and memos for SOX and other audit and certification findings.
• Influencing the culture of the Technology Services organization to embed a risk mindset into all processes.

Knowledge, Skills and Abilities

• Proven experience building and leading technology risk and compliance teams, partnering with internal audit and external auditors
• Excellent leadership and team management skills, with the ability to inspire and motivate teams.
• Expert knowledge of technology and cyber risks and experience in working and collaborating with cross functional teams leading risk management and compliance programs.
• Common frameworks and standards such as NIST, CIS, ISO.
• Experience performing ISO 27001, NIST, SOX, or equivalent standards consulting, reviews and assessments.
• Knowledge and experience of key legal and regulatory compliance, e.g. SOX, FedRAMP, GDPR, CCPA.
• ServiceNow Integrated Risk Module or comparable experience.
• Excellent project and program management skills and experience.
• Have demonstrated ability to lead and influence to gain consensus; experience in partnering with executive and senior management.
• Ability to explain technical or complex issues and concerns in non-technical ways.
• Ability to deliver results while working with remote, virtual, and cross-functional teams without direct authority.
• Good presentation, meeting facilitation, negotiation, and conflict management skills.
• Exceptional analytical and problem-solving skills with attention to detail and accuracy.
• Capability to multi-task and be resourceful, able to adapt to changing requirements quickly while maintaining accountability.
• Ability to build strong, sustainable relationships with diverse internal and external partners at all levels.

Qualifications

• BS/BA degree in a risk, compliance, audit, or computer related field; or equivalent industry experience.
• 10+ years related experience with a minimum of 8 years leading Governance, Risk, and Compliance or internal audit functions at technology-based companies or in technical domains.
• Certified as a risk professional; RIMS-CRMP, CRISC, CCSFP, or PMI-RMP qualification is preferred.
• Demonstrated knowledge of technology services and IT.
• Additional relevant certifications such as, CISM, CISA, CCSFP, CIA, CISSP, PMP, or equivalent preferred.

Our Values

At F5, we live and breathe our core values, Excellence, Integrity, Collaboration, Customer Dedication, Profitable Growth, Innovation, Employee Success, and Diversity. We help each other achieve our goals, value the diversity of ideas different backgrounds can bring, emphasize teamwork over rock-stars, work hard and most of all have fun.

We offer work/life integration programs like Freedom to Flex, dynamic employee inclusion groups, paid maternity/paternity leave, tuition assistance for professional development, a comprehensive mentoring program, rewards/recognition, and so much more. At F5, we truly do help each other thrive and it shows: F5 has been named one of the “World’s Most Admired Companies” by Fortune magazine for the past two years.

And this dedication to living our culture doesn’t just exist within our offices; it extends into our communities through Global Good initiatives such as employee matching, volunteer opportunities, and the F5 Foundation. Our employees are passionate about making a difference in the world.

This is a once-in-a-lifetime opportunity to become part of a company that’s on the forefront of transformation. And because we know that a more diverse F5 is a more powerful F5, we’re looking for smart, passionate, determined individuals to join us. If you make thoughtful decisions quickly, obsess over your customers’ needs, take ownership of your work (the mistakes as well as the successes), and embrace different perspectives by putting the human first, then we want to talk to you.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Phishing Alert

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Yello/Workday (ending with f5.com or @myworkday.com).

#LI-JB1

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice. 

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.