Job Description

About Enphase Enphase Energy is one of the fastest growing solar companies in the world. By combining the power of solar energy and the proven advantages of communications technology, Enphase Energy makes solar power systems productive, reliable, smart, and safe. Our microinverter system is profoundly changing the way solar systems function, and as a result, changing the solar industry itself. As we continue our growth, we are building teams with highly talented and motivated people. Our work environment is fast-paced, fun, and full of exciting projects. We are seeking top tier talent to join our leading-edge green tech company where you will be part of an accomplished and enthusiastic technical cross-functional organization. Come be a part of the industry leader pioneering improvements in the way Solar Energy delivered to homes and businesses.
Enphase Energy’s Information Security (InfoSec) organization is a growing collaborative team focused on protecting Enphase’s data and technology assets from cyber risks and threats, internal and external, while driving a security culture into the business use of IT. This is our team mission, and we are passionate about it. The InfoSec organization provides information- and cyber-security services to Enphase’s businesses and our goal is to provide safe, secure, and resilient IT services to our stakeholders. A key part of achieving that goal is providing modern and comprehensive GRC (Governance, Risk and Compliance) to support Compliance Program areas, Legal and Regulatory processes, risks and controls and provide oversight to ensure internal standards and applicable regulatory requirements are satisfied. Enphase’s IT Security GRC will perform periodic testing, monitoring, and validation of business controls for compliance with applicable laws and regulations. To achieve these objectives, the InfoSec organization is looking for a GRC expert to drive the GRC program. Key Responsibilities The GRC Analyst will have responsibility for the following:

• Build and Run Security Assurance program to ensure Enphase systems/platforms/applications are maintained at required security posture all the time.
• Build and run Security Assessment/review process to ensure all the systems/platform/applications deployed in production environment go through necessary security reviews and all required controls are In place.
• Develop GRC testing strategies, work plans, and test steps working with manager
• Independently execute GRC testing engagements for Compliance Program areas, as assigned, to validate that controls are working as intended
• For issues identified in testing, provide recommendations for control enhancements and follow-up as necessary to ensure proper resolution
• Review to business developed remediation plans to ensure they address the gaps identified during testing
• Coordinate testing activities with Enphase business stakeholders who are integral to the operational process of the Substantive Compliance Program areas
• Develop data points into Information Security risk management reporting activities, including dashboards, metrics, and executive reporting content
• Update Cybersecurity leadership on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.
• Stay abreast of laws and regulations related relevant Compliance Programs
• Perform security assessments of Suppliers and Third-Party vendors to identify, validate and remediate risks. This may include performing interviews, document design assessments and walkthroughs of security Controls.

• Contribute towards process improvement of team processes, templates and tools.

• Undergraduate degree in Engineering, MIS, Computer Science or related field
• Must have 3+ years of work experience in Cybersecurity, Audit, Risk, and/or Compliance
• Must have 3+ years of direct participation/experience across common industry security policy areas, including, but not limited to ISO, NIST, COSO, COBIT, PCI, SOX, SSAE16, and others
• Ability to work in a collaborative team environment.
• Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills.
• Ability to synthesize a variety of data points, problem solve and formulate comprehensive and effective execution and risk mitigation plans
• Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
• Excellent Data Analysis skills using Microsoft Excel, SQL, or other scripting languages

• CISSP, GCSA, CND or similar industry-recognized professional certification.
• Demonstrated experience in computer security combined with risk analysis, audit, and compliance objectives.
• High degree of creativity and “out-of-the-box” thinking.
• Able to execute on multiple projects simultaneously in fast-paced environments.
• Possesses a services and solution orientated approach.
• Strong writing, communication, and presentation skills.
• Ability to share knowledge and collaborate by developing content and documentation for distribution to other team members, managers, and customers.
• Ability to work on a fast pace, ever changing global environment.
• Outstanding organization skills.
• Takes responsibility and achieves results.
• Excellent organizing, time management and priority setting skills.