Netskope
Japan
(on-site)
Posted
30+ days ago
Senior Analyst - Compliance Program Manager
Description
About Netskope
Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security.
Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, St. Louis, Bangalore, London, Paris, Melbourne, Taipei, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers. Please follow us on LinkedIn and Twitter @Netskope.
About the position:
Compliance Program Manager - GRC Global Federal (APJ - ISMAP and IRAP)
Job Overview
As a Compliance Analyst for the Asia-Pacific & Japan (APJ) region, you will play a pivotal role in scaling the organization by leading and supporting the Global Federal Public Sector compliance program for the Asia Pacific region (APJ). Operating as a key member of the Global Information Security (GIS) team, you will lead the effort to ensure adherence to international and regional regulatory frameworks, specifically managing cloud certifications such as Japan's ISMAP and Australia's IRAP, alongside other regional standards. You will collaborate with business stakeholders to drive Global Federal GRC activities, administer GRC solutions, and assist in the management of the Information Security Management System (ISMS). This position is critical to achieving our compliance objectives and maturing our controls and overall Information Security program.
Job Responsibilities:
- Prepare and lead Netskope to obtain and maintain Information system Security Management and Assessment Program (ISMAP) government certification/registration for the Japanese Market, including maintaining ongoing compliance for the InfoSec Registered Assessors Program (IRAP) for the Australian Market.
- Create and drive the compliance roadmap for APJ, including ISMAP and IRAP, along with future compliance certifications to support the business.
- Be the GRC primary interface with the Netskope APJ Sales team, communicating status of the compliance program and communicating all requirements from Sales to GRC Leadership.
- Lead the coordination and support of the audit of the Netskope cloud platform in relation to the above certifications, serving as the primary Netskope champion to external auditors, leading evidence gathering and validation, and meeting with both internal and external stakeholders as needed.
- Review, write, and finalize the ISMAP control mapping.
- Conduct targeted testing of systems and processes to validate alignment with ISMAP controls and work with teams to remediate deficiencies.
- Lead the coordination, collection and analysis of evidence, and determine whether the evidence collected meets program requirements.
- Educate internal stakeholders on program control requirements, translating control requirements into business requirements.
- Serve as the primary in-country contact and liaison with Japan's Independent Administrative Agency, the Information-technology Promotion Agency (IPA), on all matters related to the ISMAP registration and ongoing compliance.
- Build and maintain healthy business relationships with external auditors and have the conviction to respectfully challenge control interpretations and be able to speak confidently to compensating controls, where warranted.
- Assemble, submit, and maintain program packages, including the application (Declaration Document), control responses, audit attestation and report
- Optimize the audit process, directly increasing readiness and efficiency both for the GRC team and cross-functional control owners.
- Strengthen and foster key stakeholder alignment by improving the way the GRC Team engages with cross-functional partners, reducing friction in the audit cycle.
- Where required, properly scope and select compliance program control objectives to align with the functionality of the Netskope platform and the features provided as part of the compliance program packages.
- Develop and maintain all program Control Mappings, reviewing control description and related policy documents and identifying and remediating any gaps between control description and program control criteria.
- Ensure Netskope Policies and Procedures and ISO 27001 Information Security Management System (ISMS) Manual align with program criteria requirements including but not limited to ISMS Plan, Policies, and Procedures.
- Foster the use of AI to scale work efforts and increase delivery speed.
- Work closely with internal stakeholder and control owner teams (Engineering, Support, HR, etc.) to ensure all Security and Compliance controls are operating effectively to sufficiently address the underlying risk of the security and compliance requirements of the framework.
- Proactively maintain awareness of emerging regional trends and changes to Industry Standards and benchmarks in the APAC region.
- Assist in recommending alternative approaches for risk mitigation
- Develop and maintain mandatory documentation (i.e., ISMAP and IRAP program packages and supporting documents) in support of audits and customer compliance needs
- Manage and complete customer risk assessments including audits and evidence collection from relevant stakeholders
- Monitor control effectiveness and escalate where issues are identified
- Contribute to and co-manage KPI programs, including monitoring and metrics.
- Ensure program audit findings and improvement areas are managed, tracked and remediated in a timely manner and communicate risk to Netskope management.
- Collaborate with Internal Audit and other assessors on technical audits.
- Scale to leading a compliance team in APJ and demonstrating technical and strategic depth to ensure continual improvement of the program and to obtain additional compliance certifications in APJ to drive Netskope's success in the region.
- As this role scales to a manager level, deliver operational excellence for the broader team, mentoring team members to exceed their specific delivery goals.
- General knowledge of cyber security and cloud technologies to secure an organization.
- General knowledge of risk management and how to use risk management in a security program.
Qualifications:
- A minimum of fifteenfive (15) years' experience in Information Security and/or Technology, related cybersecurity regulatory compliance experience
- Proven leadership of a Compliance Program, specifically the track record of achieving and maintaining ISMAP and IRAP certifications.
- College degree or equivalent experience.
- Extensive experience in cybersecurity or information security, with a focus on security operations, risk management, and compliance.
- Experience working in a fast-paced, dynamic environment with the ability to adapt quickly to changing priorities and requirements.
- Prefer candidates with technical and IT security certifications, such as CISSP, CISM, CISA or equivalent.
- Strong understanding of security frameworks, standards, and regulations, and knowledge of compliance frameworks such as ISMAP, IRAP, SOC 2, ISO 27001, NIST, PCI, etc., and their application within enterprise and cloud environments.
- Language Proficiency: Fluent in reading and writing Japanese and English.
- Knowledge of common IT systems (operating systems, network devices, applications) and core IT processes/services such as SDLC, Identity and Access Management, Vulnerability Management, Backup and DR processes will be useful.
- Experience with AWS, Azure & GCP environments is a plus.
- Good interpersonal, verbal and written communication skills. It is important that the candidate is a team player and possesses strong organizational and planning skills.
- Ability to connect and communicate with both business and IT technical staff including IT and Business management.
- Commitment to continuous learning and professional development, staying informed about emerging security threats, trends, and technologies.
Required Skills & Experience:
- Establishes operational objectives, policies, procedures and work plans and has the capability to delegate assignments to subordinates.
- Develops, modifies and executes company policies that affect immediate operations and may also have company wide effect.
- Advanced understanding of functional area and a competent understanding of the overall company and competitive environment.
- Works on issues where analysis of situations or data requires conceptual thinking and an in-depth knowledge of organizational objectives.
- Implements policies and selects methods, techniques, and evaluation criteria for obtaining results.
- Drives the strategy and success of larger projects which contribute to multiple areas of the organization.
- Interacts regularly with lower and/or senior management on matters concerning several functional areas, department, and/or customers.
- Has the ability to persuade others in sensitive complex situations while preserving relationships.
- Applies knowledge to convince other stakeholders on desired departmental outcomes.
- Has the capability to oversee experienced level professionals and/or subordinate managers.
- Frequently advises team(s) on moderately complex matters.
- May be accountable for department budgets which may be broad and have a far reaching impact on the business segment.
- Highly analytical with the ability to present analysis.
- Excellent written and verbal communication.
- Experience in performing risk assessments, describing compensating controls and prioritizing control implementation based on risk.
- Experience in maintaining metrics and measures.
- Experience in leading and supporting compliance programs and customer audits from end to end.
- General understanding of cloud technologies
- General understanding of meeting multiple federal and industry compliance frameworks such as PBMM, CSA STAR, HIPAA, PCI-DSS, etc.
Preferred Skills:
- Knowledge and experience in managing GRC tools.
- Experience with vulnerability management tools and vulnerability risk analysis
- Ability to be an active member of a team
- Ability to communicate effectively (written and verbal)
- Self-motivated to work on tasks independently within the team
- Ability to educate other members of the team on existing processes and technologies
- Self-starter and quick learner
- Ability to ask questions and challenge the status quo.
- Knowledgeable pertaining to news and current events.
GL-1
Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices based on religion, race, color, sex, marital or veteran status, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate.
Netskope respects your privacy and is committed to protecting the personal information you share with us. Please refer to Netskope's Privacy Policy for more details.
The application window for this position is expected to close within 50 days. You may apply by filling out the below information, or visiting our Netskope Careers site.
Job ID: 82167627
