Job Description
Security Engineer (L5) - Governance and Assurance
Netflix is one of the world's leading entertainment services with 283 million paid memberships in over 190 countries enjoying TV series, films and games across a wide variety of genres and languages. Members can play, pause and resume watching as much as they want, anytime, anywhere, and can change their plans at any time.
The Role
Netflix is seeking a second-line Enterprise Governance and Assurance Engineer (L5). The ideal person will be a strong Governance, Risk, and Compliance (GRC) generalist with a deep passion for governance. We seek a problem-solver with a comprehensive understanding of the regulatory landscape and cloud technologies. Experience in security, risk, governance, audit, process excellence, and compliance is mandatory; an understanding of studio and content development is a plus.
The Team
The Enterprise Governance & Assurance organization is responsible for helping Netflix take the appropriate security and technology risks to support continued growth and rapid innovation while protecting the company from existential harm. This role sits in our Governance, Compliance, and Engineering team and supports the business in improving decision-making by understanding our risks.
Key Responsibilities:
• Design and implement automation for partner trust, assurance, compliance, and regulatory activities, especially for SOX processes. Design and oversee security controls, risk assessment frameworks, policy development, and compliance programs.
• Evaluate risks and develop security standards, procedures, guidelines, and policies for information and data governance in collaboration with the business areas.
• Develop reporting metrics, dashboards, and evidence artifacts demonstrating the value of governance.
• Create, optimize, and support cross-functional working groups and projects to enhance the efficacy and effectiveness of policy and guidance across the organization.
• Document and report assurance failures, inconsistencies, and gaps to stakeholders.
• Integrate GRC systems with cross-functional stakeholder systems to ensure accuracy and consistency.
• Be the subject matter expert for policy development and control alignment.
• Enterprise risk management and business continuity experience is helpful.
In your day-to-day, you will need to exercise sound judgment, curiosity, and flexibility in making trade-offs between short versus long-term security and business goals. You will demonstrate resilience and navigate difficult situations with composure and tact to achieve a great outcome for the business. You will succeed in this role by regularly analyzing your performance with a critical eye. A broad understanding of the Netflix business and its partnerships is required. This position will also provide training, advice, and mentorship to other teams throughout Netflix on the value of governance.
What You'll Bring:
• Strong technical writing and critical thinking skills grounded in enterprise governance principles, quantitative risk analysis, and meeting people where they are with an eye toward maturing the governance program.
• Data (including metadata), information (throughout its lifecycle), identity, and privacy governance skills and knowledge required.
• Well-versed in SOX compliance regulations, specifically control design for user access review automation and integration of various tools and applications.
• Expertise with frameworks such as NIST CSF 2.0, ISO 27001, PCI DSS, etc.
• Experience with international standards (GDPR, NIS-2, Cyber Resilience Act, K-ISMS (Korea)).
• Audit experience is a significant advantage. Additional qualities include careful consideration of control design, optimization of effective controls to meet control objectives, and achieving compliance as a byproduct of well-designed control implementation and assurance monitoring.
• Ability to influence and lead business partners and supporting teams.
• Resilience and composure in navigating difficult situations.
• An eagerness to gain a comprehensive understanding of Netflix's business and partnerships. A person well-versed in risk appetite/tolerance and how it can be adapted for different tolerances in different parts of the business while still meeting control objectives is the type of mindset we seek.
• Ability to provide training, advice, and mentorship to other teams.
Cultural attributes:
• Ability to align with Netflix's unique culture memo.
• Document compliance that satisfies regulators, brings consistency to procedures/guidance, and meets people where they are, while living Netflix's culture principles of "context not control" and "guardrails not rules."
Compensation:
Generally, our compensation structure consists solely of an annual salary; we do not have bonuses. You choose each year how much of your compensation you want in salary versus stock options. To determine your personal top of market compensation, we rely on market indicators and consider your specific job family, background, skills, and experience to determine your compensation in the market range. The range for this role is $100,000 - $720,000.
Benefits:
Netflix provides comprehensive benefits including Health Plans, Mental Health support, a 401(k) Retirement Plan with employer match, Stock Option Program, Disability Programs, Health Savings and Flexible Spending Accounts, Family-forming benefits, and Life and Serious Injury Benefits. We also offer paid leave of absence programs. Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off. Full-time salaried employees are immediately entitled to flexible time off. See more detail about our Benefits here
Culture:
Netflix is a unique culture and environment. Learn more here.
We are an equal-opportunity employer and celebrate diversity, recognizing that diversity of thought and background builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.
Job is open for no less than 7 days and will be removed when the position is filled.
Jobcode: Reference SBJ-r130wm-18-97-9-171-42 in your application.