Technical Program Manager - Cloud Security / Governance, Risk & Compliance
Company: NetApp
Location: Asheville
Posted on: June 24, 2025
|
|
|
Job Description:
About NetApp NetApp is the intelligent data infrastructure
company, turning a world of disruption into opportunity for every
customer. No matter the data type, workload or environment, we help
our customers identify and realize new business possibilities. And
it all starts with our people. If this sounds like something you
want to be part of, NetApp is the place for you. You can help bring
new ideas to life, approaching each challenge with fresh eyes. Of
course, you won't be doing it alone. At NetApp, we're all about
asking for help when we need it, collaborating with others, and
partnering across the organization - and beyond. About NetApp We’re
forward-thinking technology people with heart. We make our own
rules, drive our own opportunities, and try to approach every
challenge with fresh eyes. Of course, we can’t do it alone. We know
when to ask for help, collaborate with others, and partner with
smart people. We embrace diversity and openness because it’s in our
DNA. We push limits and reward great ideas. What is your great
idea? About the Role As a GRC TPM in the Cloud business, you will
join a growing Security & Compliance team within NetApp’s
fastest-growing business - https://cloud.netapp.com/ . The role is
to design, implement, and assess security controls from a technical
lens. If you are passionate about doing Security & Compliance at
the cloud scale in an innovative and automated
(compliance-as-a-code) way – this role is for you. The position can
influence and impact security, compliance, and assurance efforts
across teams, products, and functions within the company. For the
right candidate, the role will be shaped and scoped based on your
strengths. We are looking at a broad set of skills. Let’s chat.
Responsibilities Drive compliance with a technical lens. Design,
implement, maintain, and improve compliance programs to address key
risks and prepare product teams for assessments against various
regulatory and compliance frameworks (ISO/IEC 27001, SOC2, PCI,
NIST, FedRamp, etc.) Partner with Engineering, SRE, Product, Cloud
Security, Legal, Privacy, and Corporate Security teams to
collaborate on pragmatic solutions to security risks and compliance
issues. Assist with improving internal policies, processes, and
overall security governance. Drive automation and assist with the
adoption of GRC tooling within business. Perform technical gap
assessments and risk assessments. Facilitate control monitoring
activities. Closely work with the Cloud Security team on
initiatives and any risks impacting your area of responsibility.
Identify opportunities that create a positive impact on our
activities and achieve efficiencies. Maintain and optimize security
compliance monitoring and alerting systems and advise control
owners on system policy violations. Job Requirements 5 years of
experience in building and maintaining security risk & compliance
programs. Experience in implementing technical security controls
and assessing compliance standards (ISO/IEC 27001, SOC2, PCI, NIST,
FedRamp, etc.) over infrastructure, applications, and Development
and Cloud Engineering processes. Ability to assess security risks
in a cloud environment Strong understanding of technical concepts
relevant to cloud computing environments: virtual infrastructure
(cloud resources on AWS/Azure, Kubernetes technology, and
containers), logical access control, DevOps development process,
secure coding principles, CI/CD processes, logging & monitoring,
incident response, cryptography, network security, and privacy,
etc. Familiarity with native security and compliance capabilities
within cloud providers and technologies/processes around SIEM,
vulnerability scanning, cloud security configuration, endpoint
detection & response tools, and other infrastructure security tools
Excellent writing and communication skills with attention to detail
Strong project management and organizational skills - must be able
to drive your own projects to completion. Ability to work in a
fast-paced and sometimes unorganized environment with multiple
teams A big plus if you have any of these Similar experience within
a SaaS product company or Big4 auditing/consulting experience with
a strong focus on Security advisory Experience with FedRamp
Education Bachelors or Master of Engineering – preferably in
Computers or IT. Professional certifications/ education in
Security/Compliance - AWS certifications, CISA, CISSP, CCSK, CIPP,
or similar ISO 27001 Compensation: The target salary range for this
position is 130,050 - 193,600 USD. The salary offered will be
determined by the candidate's location, qualifications, experience,
and education and may be outside of this range. Final compensation
packages are competitive and in line with industry standards,
reflecting a variety of factors, and include a comprehensive
benefits package. This may cover Health Insurance, Life Insurance,
Retirement or Pension Plans, Paid Time Off (PTO), various Leave
options, Performance-Based Incentives, employee stock purchase
plan, and/or restricted stocks (RSU’s), with all offerings subject
to regional variations and governed by local laws, regulations, and
company policies. Benefits may vary by country and region, and
further details will be provided as part of the recruitment
process. At NetApp, we embrace a hybrid working environment
designed to strengthen connection, collaboration, and culture for
all employees. This means that most roles will have some level of
in-office and/or in-person expectations, which will be shared
during the recruitment process. Equal Opportunity Employer: NetApp
is firmly committed to Equal Employment Opportunity (EEO) and to
compliance with all federal, state and local laws that prohibit
employment discrimination based on age, race, color, gender, sexual
orientation, gender identity, national origin, religion, disability
or genetic information, pregnancy, protected veteran status, and
any other protected classification. Why NetApp? We are all about
helping customers turn challenges into business opportunity. It
starts with bringing new thinking to age-old problems, like how to
use data most effectively to run better - but also to innovate. We
tailor our approach to the customer's unique needs with a
combination of fresh thinking and proven approaches. We enable a
healthy work-life balance. Our volunteer time off program is best
in class, offering employees 40 hours of paid time per year to
volunteer with their favorite organizations. We provide
comprehensive medical, dental, wellness, and vision plans for you
and your family. We offer educational assistance, legal services,
and access to discounts. Finally, we provide financial savings
programs to help you plan for your future. If you want to help us
build knowledge and solve big problems, let's talk.
Keywords: NetApp, Rock Hill , Technical Program Manager - Cloud Security / Governance, Risk & Compliance, IT / Software / Systems , Asheville, South Carolina
