GRC Engineer

Description

Enphase Energy is a global energy technology company and leading provider of solar, battery, and electric vehicle charging products. Founded in 2006, Enphase transformed the solar industry with our revolutionary microinverter technology, which turns sunlight into a safe, reliable, resilient, and scalable source of energy to power our lives. Today, the Enphase Energy System helps people make, use, save, and sell their own power. Enphase is also one of the fastest growing and innovative clean energy companies in the world, with approximately 68 million products installed across more than 145 countries.

We are building teams that are designing, developing, and manufacturing next-generation energy technologies and our work environment is fast-paced, fun and full of exciting new projects.

If you are passionate about advancing a more sustainable future, this is the perfect time to join Enphase!

About the role:

Enphase Energy’s Information Security (InfoSec) organization is a growing collaborative team focused on protecting Enphase’s data and technology assets from cyber risks and threats, internal and external, while driving a security culture into the business use of IT. This is our team mission, and we are passionate about it. The InfoSec organization provides information- and cyber-security services to Enphase’s businesses and our goal is to provide safe, secure, and resilient IT services to our stakeholders.

A key part of achieving that goal is providing modern and comprehensive GRC (Governance, Risk and Compliance) to support Compliance Program areas, Legal and Regulatory processes, risks, and controls and provide oversight to ensure internal standards and applicable regulatory requirements are satisfied. Enphase’s IT Security GRC Team will perform periodic testing, monitoring, and validation of business controls for compliance with applicable laws and regulations.

To achieve these objectives, the InfoSec organization is looking for a GRC expert to drive the GRC program.

Key Responsibilities:

• Manage end-to-end Enphase SOC2 Type2 audit requirements and recurring compliance activities.
• Handling SOX ITGC audit activities including the new SEC Cyber Security Requirements.
• Work with the Internal Audit Team to address IT control gap and manage risk.
• Conduct security reviews of internal systems and identify areas of improvement.
• Manage the Governance part of Vulnerability Management. Collaborate with teams on vulnerability remediation.
• Identify and report new IS risks in the IS Risk Registers on a continuous basis. Report top risks to the management.
• Perform Vendor Security Review for new and existing vendors. Review Vendor agreements for Information Security related clauses.
• Create, Update, and enforce IS Policies and Procedures. Track policy compliance across the organization and conduct policy awareness sessions.
• Create and maintain an information security dashboard on in-house analytics tool.
• Drive Identity and Access Management review for critical apps.
• Provide periodic updates to internal stakeholders on adherence to IS compliance requirements
• Collaborate with SecOps, Security Engineering and Product Security Team to prioritize and address security gaps.

Required Skill and Experience:

• 3-5 yrs of experience in IS GRC focusing on regulatory compliance.
• In depth understanding of security standards and frameworks (E.g. ISO 27001, NIST CSF, PCI DSS, SOX 404, SOC2, NIS2 and PCI DSS.
• Should be a Graduate – B.E/ B.Tech with specialization in Computer Science, IT, IS/Cyber Security, or relevant IT-related fields.
• Should have scored 70% and above in 10th, 12th, and Graduation.
• Knowledge of Python or similar scripting language. Knowledge of PySpark or SparkSQL is an added advantage.
• Excellent Data Analysis and Presentation skills using Microsoft Excel and PowerPoint.
• Certifications (Preferred): CompTIA Security+, CISA (not mandatory)
• Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills.
• Ability to synthesize a variety of data points, problem-solve, and formulate comprehensive and effective execution and risk mitigation plans.
• Desired Skill and Experience:
• High degree of creativity and “out-of-the-box” thinking.
• Able to execute multiple projects simultaneously in fast-paced environments.
• Ability to share knowledge and collaborate by developing content and documentation for distribution to other team members, managers, and customers.
• Ability to work in a fast-paced, collaborative, and ever-changing global environment.
• Takes responsibility and achieves results.
• Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
• Outstanding organization skills.