GRC Services, Trust, and Assurance Analyst

GRC Services, Trust, and Assurance Analyst

This role has been designed as "Hybrid" with an expectation that you will work on average 2 days per week from an HPE office.

Hewlett Packard Enterprise is a global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next.

We value varied backgrounds and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves together and are a force for good. If you are looking to stretch and grow your career, our culture will embrace you. Open up opportunities with HPE.

At HPE’s Cybersecurity team, we are looking for a dynamic and experienced GRC expert to join our team. If you’re passionate about shaping the future of cybersecurity, we’d love to hear from you.

We’re a team focused on protecting our customers with leading-edge cybersecurity solutions. Join us to make an impact at one of the world’s leading tech companies.

As a GRC Services, Trust, and Assurance Analyst, you will monitor and report on security programs related to HPE Networking’s customer-facing applications and services, including SASE, Central, The HPE Networking Support Portal, Edge Orchestrator, and others. Your role will focus on maintaining the security and compliance of HPE Networking’s SASE products and supporting HPE Networking compliance efforts. You will leverage GRC expertise and audit experience to protect HPE Networking’s cloud applications and customer data.

You will have expertise in GRC tools and platforms for monitoring and reporting on application security programs and their compliance. Your knowledge of AWS, Microsoft Azure, and Google Cloud Platform will enable you to assess and advise on security issues within applications on these platforms. You will work independently and on high-impact projects in fast-paced environments, with advanced expertise across cyber and IT security.

Your experience with IT service accreditation, attestation, and certification frameworks such as CSA CCM, FedRAMP, PCI-DSS, SOC2, and ISO 27001—including how to obtain these accreditations and maintain them—will be critical. Strong communication skills are essential, enabling you to explain complex technical issues to non-technical audiences.

• Collaborating with R&D teams developing software for HPE Networking services to ensure understanding and adoption of NIST Secure Software Development Framework (SSDF/ SP800-218) and achievement of desired maturity targets.
• Identifying security gaps and issues, working with Engineering and Program Management to address gaps, and monitoring remediation efforts.
• Providing actionable insights and recommendations to Engineering and Product Management to incorporate requirements from applicable assessment and regulatory frameworks such as SOC 2, ISO 27001, FedRAMP, and PCI DSS.
• Executing a compliance and accreditation program for each customer-facing service based on customer needs, measuring progress and program health, and presenting this information in dashboard form for consumption by upper management and executive leadership.
• Engaging with third-party consultants, auditors, and assessors as necessary.
• Working closely with Cybersecurity Digital Risk Management, Engineering, Product Management and other teams to execute a shared responsibility model for as-a-service governance and ensure HPE Networking’s as-a-service program is effectively reflected in company governance activities.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience desired.
• 5-10 years of experience in cybersecurity, with a focus on Cybersecurity and GRC desired.
• Proven experience in audit and security program governance.
• Strong knowledge of Cybersecurity and cloud…