GRC Compliance Analyst
Company: NetApp
Location: Asheville
Posted on: June 24, 2025
Job Description:
About NetApp

NetApp is the intelligent data infrastructure company, turning a world of disruption into opportunity for every customer. No matter the data type, workload or environment, we help our customers identify and realize new business possibilities. And it all starts with our people. If this sounds like something you want to be part of, NetApp is the place for you. You can help bring new ideas to life, approaching each challenge with fresh eyes. Of course, you won't be doing it alone. At NetApp, we're all about asking for help when we need it, collaborating with others, and partnering across the organization - and beyond.

Job Summary

NetApp’s Security Team is looking for a driven and detail-oriented GRC Analyst with a strong focus on compliance to help scale and mature our governance, risk, and compliance programs. In this role, you’ll be a key contributor to ensuring our organization meets regulatory, contractual, and internal security obligations across a range of compliance frameworks, including NIST 800-53, SOC 2, ISO 27001, GDPR, DORA, and others. You will be responsible for supporting and enhancing core compliance activities such as control assessments, audit readiness, customer due diligence, and policy management, while actively driving process improvements and automation initiatives. You’ll work cross-functionally with product, security, legal, and customer-facing teams to ensure that our compliance posture not only meets standards but also enables trust, reduces risk, and supports business growth. This role is ideal for someone who is passionate about operationalizing compliance, thrives in a fast-paced environment, and is eager to drive impact-based results through thoughtful, customer-focused execution.

Duties and Responsibilities

- Own and manage the end-to-end process for completing customer security questionnaires, RFPs, and RFIs, working cross-functionally to ensure accurate, compelling, and timely responses.
- Contribute to the design and enhancement of customer-facing security product systems and documentation to support compliance transparency and trust.
- Support and optimize the implementation of SaaS-based GRC tools and compliance workflows to improve efficiency and scalability.
- Coordinate and help lead internal readiness activities for frameworks such as SOC 2, ISO 27001, GDPR, HIPAA, or NIST.
- Participate in or lead compliance-related customer escalations, ensuring timely communication and resolution while maintaining a customer-first mindset.
- Assist with internal and external audits, including evidence gathering, documentation review, and audit follow-up actions.
- Analyze compliance trends, risks, and gaps, and work with stakeholders to develop actionable remediation and improvement plans.
- Maintain and improve compliance policies, procedures, and control documentation in collaboration with security, legal, and product teams.
- Assist in reviewing customer/partner contracts for information security requirements.
- Ensure all security policies and procedures are documented and updated according to Global Security Standards, that deadlines are met, approvals obtained, guidelines followed, repository usage understood, and the repository / system of record kept up to date as defined by the Global Cybersecurity Governance program.

Minimum Qualifications

- 2–4 years of experience in GRC, cybersecurity compliance, risk management, audit, or a related function.
- Demonstrated experience with compliance frameworks such as SOC 2, ISO 27001, GDPR, HIPAA, or others.
- Hands-on experience supporting SaaS-based security and compliance initiatives, preferably in a B2B or cloud-first environment.
- Strong understanding of customer trust requirements, including handling of security assessments, questionnaires, and third-party due diligence.
- Familiarity with GRC platforms (e.g., TrustCloud, SafeBase) or ticketing/project management tools (e.g., Jira, Asana, ServiceNow).
- An ability to translate technical or regulatory language into clear, business-relevant terms for internal and external audiences.

Key Soft Skills

- Results-driven: You focus on outcomes, not just tasks, and prioritize work that delivers business value and reduces risk.
- Effective communicator: Skilled in cross-functional collaboration and able to confidently engage with technical teams, legal, sales, and customers.
- Customer-focused: Understands how compliance supports trust and revenue; brings empathy and clarity to every interaction.
- Analytical and detail-oriented: Comfortable interpreting regulations, identifying risks, and developing solutions.
- Organized and self-directed: Manages multiple priorities with minimal supervision while maintaining high standards of accuracy and quality.
- Adaptable and curious: Thrives in fast-paced environments and seeks continuous improvement in systems and processes.

Education

Bachelor’s degree in Cybersecurity, Information Systems, Legal Studies, Business Administration, or a related field. Professional certifications (e.g., CISA, CRISC, CCSK, ISO 27001 Lead Implementer) are a plus but not required.

Preferred Qualifications

- Information security related training or certifications such as CISSP, CISA or CRISC
- Project management experience
- Experience performing information security audits or risk assessments
- Familiarity with security audit or risk management processes

Compensation

The target salary range for this position is 99,450 - 147,400 USD. The salary offered will be determined by the candidate's location, qualifications, experience, and education and may be outside of this range. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stock units (RSUs), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.

At NetApp, we embrace a hybrid working environment designed to strengthen connection, collaboration, and culture for all employees. This means that most roles will have some level of in-office and/or in-person expectations, which will be shared during the recruitment process.

Equal Opportunity Employer

NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.

Why NetApp?

We are all about helping customers turn challenges into business opportunity. It starts with bringing new thinking to age-old problems, like how to use data most effectively to run better - but also to innovate. We tailor our approach to the customer's unique needs with a combination of fresh thinking and proven approaches.

We enable a healthy work-life balance. Our volunteer time off program is best in class, offering employees 40 hours of paid time per year to volunteer with their favorite organizations. We provide comprehensive medical, dental, wellness, and vision plans for you and your family. We offer educational assistance, legal services, and access to discounts. Finally, we provide financial savings programs to help you plan for your future.

If you want to help us build knowledge and solve big problems, let's talk.