Security Governance, Risk, Compliance (GRC) Lead

Information Technology, San Jose, California

Hungry. Humble. Honest.

Our values form the foundation of who we are and how we operate every day around the world. They show up in our ambition to achieve our dreams, our courage to do what matters, and our tenacity to keep customers happy. At Nutanix, we prize those unique individuals who demonstrate empathy, respect differences, and appreciate others. If you’re authentic, credible and transparent—someone who walks your talk and thrives on collaboration—we want you to join our team!

Be a part of building a company that is truly leading an IT revolution. We make infrastructure invisible, elevating IT to focus on the applications and services that power their business. Led by Dheeraj Pandey, one of CRN’s “Top 25 Innovators of 2016,” Nutanix welcomes big thinkers and budding entrepreneurs, those who are unafraid to take on seemingly impossible challenges and interested in learning how to build a business along the way.

Nutanix employees enjoy some amazing benefits and perks: healthcare, plenty of snacks, employee (and family) events, world renowned speakers, training and development, and much more. See what life is like at Nutanix by following us on Twitter: @NutanixCareers and Instagram: @Nutanix

Reporting to the head of cybersecurity, risk, and compliance, the GRC lead will build a program from the ground up including security policy, risk management process, and compliance with standards and regulations such as ISO27001 and EU GDPR.
  • Develop the GRC operating model and a service-oriented customer engagement model.
  • Operationalize various GRC capability areas such as enterprise security risk management, compliance management, policy management, security awareness training, third party risk management, and metrics and reporting.
  • Lead the operationalization of security compliance programs to support various compliance regulations.
  • Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.
  • Work with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders.
  • Monitor the security risk profiles of our suppliers to objectively determine high risk suppliers that require additional review.
  • Establish and maintain security metrics and reporting.
  • Respond to customer security/compliance questionnaires.
  • Act as security risk management “ambassador” to internal customers.

Accountable for

  • The use of defined risk methodologies and best practices to perform IT/Security assessments. Responsible for the planning, scoping and execution of these assessments.
  • Driving remediation activities through identification, remediation planning and closure. Hold owners accountable for delivering the remediation solution within the agreed-upon, reasonable SLA.
  • Development of actionable and agile security compliance programs to support various compliance regulations.
  • Operationalization of a metrics and reporting function to continually report on meaningful security, risk and compliance metrics for operational and executive management. Develop and manage the automation of KRI and KPI reporting that aligns with operational/business risk areas and corporate risk.

  • Candidate must have 7+ years of experience working in governance, risk and compliance and/or information security and risk management.
  • Functional knowledge of the CISSP security domains and information security industry standard and best practices.
  • Functional knowledge of applicable security regulatory requirements (SOX, GDPR).
  • Functional knowledge of ISMS governance models (e.g. ISO 27001, NIST, CAIQ), information security roles and security controls.
  • Functional knowledge of common security certifications and attestations (e.g. ISO 27001, SOC 1, SOC 2, WebTrust) and the ability to glean significance from findings identified in these reports.
  • Ability to communicate risk methodologies and concepts to the business unit and IT.
  • Demonstrated experience with controls definition, development, implementation and assessment.
  • Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
  • Strong attention to detail, project management and organizational skills.
Nutanix is an equal opportunity employer.

The Equal Employment Opportunity Policy is to provide fair and equal employment opportunity for all associates and job applicants regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status, or disability. Nutanix hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

Nutanix believes that associates should be provided with a working environment that enables each associate to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, religion, national origin, gender, sexual orientation, age, marital status or disability.

We expect and require the cooperation of all associates in maintaining a discrimination and harassment-free atmosphere.