GRC Analyst at F5 Networks

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Join a team providing a leading-edge security solution to protect web and mobile services. The ARC analyst will support the Security Product Group's audit, risk management, and compliance program. Emphasis will be on executing SPG’s risk management program, managing remediation and mitigation campaigns, performing key control activities and assessments and maintaining control framework documentation across the security program as needed. The individual will work with various functions throughout the enterprise to evaluate the design and effectiveness of the control environment and maintain the security posture of the program.

Job duties and responsibilities

  • Support and improve SPG’s information security, risk management, and control framework
  • Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews as well as enterprise risk assessments
  • Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution through briefings to senior management
  • Execute annual assessment program including customer and external compliance assessments (SOC 2, FedRAMP, and PCI-DSS) and required vulnerability assessment, including remediation activities
  • Maintain awareness of external regulations and industry standards for new or modified requirements (GDPR, PCI-DSS, CCPA, NIST800-53, ISO27001, etc.)
  • Perform assessments of supporting third parties to evaluate current security posture and monitor ongoing adherence to F5s information security requirements


  • Bachelor's degree in business, information systems or computer science or equivalent experience
  • 2-4 years’ experience in IT Risk Management / Information Security related work
  • Familiarity in many technology areas across a broad spectrum including networks, infrastructure, cloud security as well as the concepts of risk management, data compliance, information security strategy
  • Solid knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, business continuity, etc.
  • Familiarity with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Benchmarks and NIST frameworks
  • Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing
  • Strong analytical skills, enabling the ability to evaluate security requirements and translate them to appropriate security controls


  • Industry relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through F5 email address (ending with or auto email notification from Yello/Workday (ending with or

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. Reasonable accommodation is available for qualified individuals with disabilities, upon request.

Remember to mention that you found this position on SH Karriär