Security Engineer (L4) - GRC

Posted Sep 21

At Netflix, we have a strategic bet to build and bring engineering to GRC. We believe that this bet will improve our speed of trust within the business, increase our coverage, and enable our partners to focus on the work that supports business outcomes and values. The STAR team sponsors, influences, and facilitates the environment of trust and transparency necessary for Netflix to achieve its business goals. The team consists of GRC, Enterprise Continuity, and Assurance activities. The constant rate of change within our engineering environments and business environments puts us in a position to design and implement new ways to solve these activities at scale. This role will impact key stakeholders such as Legal, HR, Security Engineering, and Finance to name a few.

To support our investment in this space, we need to take smart risks, and you will enable Netflix to lean into those smart risks by building out this foundational program. We are looking for thoughtful, risk-oriented professionals to enable our mission and support our inclusive culture. In this role, you will help establish and execute a broad strategic vision for the risk program at Netflix. You will not only work within the team but also cross-functionally with various teams across the organization. 

Our organization is looking for a new team member to:

  • Design and implement automation for key regulatory and compliance activities
  • Challenge and expand our thinking surrounding engineering and GRC
  • Improve our reporting, metrics and assurance within GRC and with our stakeholders
  • Promote and demonstrate the relevance and importance of security controls and how they provide business value
  • Expand the utilization of our GRC Platform within the business
  • Integrate GRC systems with cross-functional stakeholders to ensure accuracy and consistency
  • Contribute to our continuous improvement activities, including integrating best practices for GRC systems

You are excited about this opportunity because…

  • You are enthusiastic about bridging the gap between GRC and Engineering
  • You have demonstrated knowledge of large data handling and systems integration
  • You have knowledge of various regulations and controls (SOX, PCI, CCPA, GDPR, etc.)
  • You are excited about developing and growing our GRC Engineering capabilities
  • You can share impact through visualization and BI tools (Tableau, etc.)
  • You have a passion for risk management, information security, metrics, efficient security operations, and effective control designs
  • Visualizing GRC data for people to consume and use effectively is something you are good at doing

To be successful in this role, we are looking for individuals that…

  • Can develop scripts in various scripting languages (Python, Go, etc.) and peer review code / implementation / automation scripts
  • Have familiarity with RESTful APIs
  • Have familiarity with AWS infrastructure
  • Can connect the dots around the business value of control automation, testing, and effectiveness 
  • Operate within an environment of ambiguity and create clarity 
  • Participate in risk management, decision-making, and collaborative discussions
  • Can communicate with clarity (written and verbal)
  • Understand relevant data collection, data cleaning, and data analysis techniques
  • Utilize your experiences to help drive changes within our programs
  • Develop templates and instructional materials to help your fellow team members
  • Monitor and identify opportunities to improve the effectiveness and quality of our program
  • Manage and execute against key deliverables

Core value skills - must-have

  • Attention to detail
  • Inclusivity
  • Broad knowledge of how to operationalize the management of risk as a part of regular workflow
  • Autonomously drives work delivery (bias to action)
  • Strong communication (technical, status/blockers, cross-functional)
  • Cross-functional collaboration

Our security approach is influenced by our “Freedom and Responsibility” and “Context not Control” principles. As a result, employees have tremendous freedom in their work and the corresponding responsibility and accountability to do the right thing for Netflix. Read more about the Netflix culture here.

The overall market range for roles in this area of Netflix is typically $100,000 - 700,000

This market range is based on total compensation (vs. only base salary), which is in line with our compensation philosophy. Netflix is a unique culture and environment. Learn more here.

We are an equal opportunity employer and celebrate diversity, recognizing that diversity of thought and background builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.