GRC Compliance Analyst Position Available In Buncombe, North Carolina

Company: NetApp
Job: Full-time

Job Description

About NetApp:

NetApp is the intelligent data infrastructure company, turning a world of disruption into opportunity for every customer. No matter the data type, workload or environment, we help our customers identify and realize new business possibilities. And it all starts with our people. If this sounds like something you want to be part of, NetApp is the place for you. You can help bring new ideas to life, approaching each challenge with fresh eyes. Of course, you won’t be doing it alone. At NetApp, we’re all about asking for help when we need it, collaborating with others, and partnering across the organization – and beyond.

Job Summary:

NetApp’s Security Team is looking for a driven and detail-oriented GRC Analyst with a strong focus on compliance to help scale and mature our governance, risk, and compliance programs. In this role, you’ll be a key contributor to ensuring our organization meets regulatory, contractual, and internal security obligations across a range of compliance frameworks, including NIST 800-53, SOC 2, ISO 27001, GDPR, DORA, and others.

You will be responsible for supporting and enhancing core compliance activities such as control assessments, audit readiness, customer due diligence, and policy management, while actively driving process improvements and automation initiatives. You’ll work cross-functionally with product, security, legal, and customer-facing teams to ensure that our compliance posture not only meets standards but also enables trust, reduces risk, and supports business growth. This role is ideal for someone who is passionate about operationalizing compliance, thrives in a fast-paced environment, and is eager to drive impact-based results through thoughtful, customer-focused execution.

Duties and Responsibilities:

- Own and manage the end-to-end process for completing customer security questionnaires, RFPs, and RFIs—working cross-functionally to ensure accurate, compelling, and timely responses.
- Contribute to the design and enhancement of customer-facing security product systems and documentation to support compliance transparency and trust.
- Support and optimize the implementation of SaaS-based GRC tools and compliance workflows to improve efficiency and scalability.
- Coordinate and help lead internal readiness activities for frameworks such as SOC 2, ISO 27001, GDPR, HIPAA, or NIST.
- Participate in or lead compliance-related customer escalations, ensuring timely communication and resolution while maintaining a customer-first mindset.
- Assist with internal and external audits, including evidence gathering, documentation review, and audit follow-up actions.
- Analyze compliance trends, risks, and gaps, and work with stakeholders to develop actionable remediation and improvement plans.
- Maintain and improve compliance policies, procedures, and control documentation in collaboration with security, legal, and product teams.
- Assist in reviewing customer/partner contracts for Information Security requirements.
- Ensure all Security policy and procedures are documented and updated according to Global Security Standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up-to-date as defined by the Global Cybersecurity Governance program.

Minimum Qualifications:

- 2-4 years of experience in GRC, cybersecurity compliance, risk management, audit, or a related function.
- Demonstrated experience with compliance frameworks such as SOC 2, ISO 27001, GDPR, HIPAA, or others.
- Hands-on experience supporting SaaS-based security and compliance initiatives, preferably in a B2B or cloud-first environment.
- Strong understanding of customer trust requirements, including handling of security assessments, questionnaires, and third-party due diligence.
- Familiarity with GRC platforms (e.g., TrustCloud, SafeBase) or ticketing/project management tools (e.g., Jira, Asana, ServiceNow).
- An ability to translate technical or regulatory language into clear, business-relevant terms for internal and external audiences.

Key Soft Skills:

- Results-driven: You focus on outcomes, not just tasks, and prioritize work that delivers business value and reduces risk.
- Effective communicator: Skilled in cross-functional collaboration and able to confidently engage with technical teams, legal, sales, and customers.
- Customer-focused: Understands how compliance supports trust and revenue; brings empathy and clarity to every interaction.
- Analytical and detail-oriented: Comfortable interpreting regulations, identifying risks, and developing solutions.
- Organized and self-directed: Manages multiple priorities with minimal supervision while maintaining high standards of accuracy and quality.
- Adaptable and curious: Thrives in fast-paced environments and seeks continuous improvement in systems and processes.

Education:

Bachelor’s degree in Cybersecurity, Information Systems, Legal Studies, Business Administration, or a related field. Professional certifications (e.g., CISA, CRISC, CCSK, ISO 27001 Lead Implementer) are a plus but not required.

Preferred Qualifications:

- Information security related training or certifications such as CISSP, CISA or CRISC
- Project management experience
- Experience performing information security audits or risk assessments
- Familiarity with security audit or risk management processes

Compensation:

The target salary range for this position is 99,450 – 147,400 USD. The salary offered will be determined by the candidate’s location, qualifications, experience, and education and may be outside of this range. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stocks (RSU’s), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.

At NetApp, we embrace a hybrid working environment designed to strengthen connection, collaboration, and culture for all employees. This means that most roles will have some level of in-office and/or in-person expectations, which will be shared during the recruitment process.

Equal Opportunity Employer:

NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.

Why NetApp?

We are all about helping customers turn challenges into business opportunity. It starts with bringing new thinking to age-old problems, like how to use data most effectively to run better – but also to innovate. We tailor our approach to the customer’s unique needs with a combination of fresh thinking and proven approaches.

We enable a healthy work-life balance. Our volunteer time off program is best in class, offering employees 40 hours of paid time per year to volunteer with their favorite organizations. We provide comprehensive medical, dental, wellness, and vision plans for you and your family. We offer educational assistance, legal services, and access to discounts. Finally, we provide financial savings programs to help you plan for your future.

If you want to help us build knowledge and solve big problems, let’s talk.
