Principal, GRC Automation and Cyber Risk

About the role

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive. The Principal, GRC Automation & Cyber Risk Quantification is a senior engineering and strategic leadership role responsible for designing, implementing, and scaling automated, data-driven cyber risk and GRC capabilities across the enterprise. This role blends deep cyber risk management expertise with hands-on software engineering , GRC platform architecture, workflow automation, API development and systems integration , and emerging AI-enabled and Agentic c apabilities to modernize how the organization manages risk, compliance, and governance at scale. Reporting to the VP, Cyber Governance, Risk & Compliance, this role serves as a force multiplier for the GRC organization, translating complex regulatory and risk frameworks into automated controls, continuous monitoring workflows, decision-ready dashboards, and audit-ready evidence. The principal is expected to write, review, and own production-quality code and partner closely with ERM, Engineering, IT, Legal, Privacy, Internal Audit, and Digital teams to embed risk intelligence directly into business and technology processes. Key Objectives Shift GRC from manual, point-in-time assessments to continuous, automated, and risk-informed execution by leveraging purpose-built engineering solutions, Python-based tooling, and Agentic workflows. Enable executive and board-ready cyber risk insights grounded in quantitative and business-relevant data, supported by automated data pipelines and integrations. Standardize and automate control mapping, testing, evidence collection, and risk reporting across frameworks and regulators through scalable API-driven architectures. Act as the technical and architectural authority for ServiceNow IRM and adjacent GRC automation capabilities, including custom-developed integrations and Agentic automation agents. Primary Responsibilities 1. GRC Automation & Platform Architecture Design, build, and evolve end-to-end GRC automation across risk, compliance, policy, and issue management domains - including writing and maintaining Python-based automation scripts, services, and tools. Integrate GRC workflows with source systems (cloud platforms, vulnerability tools, IAM, SDLC, third-party systems) via RESTful APIs, webhooks, and event-driven integration patterns to reduce manual effort and improve data quality. Architect and maintain a systems integration layer connecting GRC platforms to enterprise data sources, enabling real-time risk signal ingestion and automated control validation. 2. Cyber Risk Quantification & Decision Enablement Partner with Cyber Risk leadership to operationalize quantitative and scenario-based risk analysis (e.g., FAIR-aligned methods). Engineer automated pipelines for ingesting threat, vulnerability, asset, and business context data to support risk-based prioritization, leveraging Python data processing libraries (e.g., pandas, NumPy) integration APIs, and Agentic work flows. Enable financially grounded cyber risk outputs that inform: Risk acceptance and investment decisions Executive and board-level reporting Program prioritization and roadmap planning 3. Compliance Automation & Continuous Monitoring Translate regulatory and framework requirements into automated, testable, and traceable controls, implementing these as code-driven workflows and API-integrated monitoring checks. Implement continuous control monitoring and evidence refresh to support ISO, SOX, SOC, and regulatory audits, using automated evidence collection scripts and scheduled integrations. Reduce audit fatigue by standardizing artifacts, workflows, and control narratives across compliance programs. Partner with Internal Audit and external auditors to improve transparency, timeliness, and defensibility of GRC outputs. 4. AI-Enabled GRC & Agentic Development Design, build, and deploy Agentic automation solutions - autonomous AI-driven agents capable of reasoning across GRC data, identifying risks, triggering workflows, and recommending actions with minimal human intervention. Identify and pilot AI-assisted capabilities to accelerate GRC outcomes, such as: Control mapping and gap analysis Risk scenario generation and prioritization Policy-to-control alignment and impact analysis Agentic issue triage, intelligent remediation recommendations, and autonomous evidence collection Develop and integrate LLM-based or agent-framework tooling (e.g., LangChain, AutoGen, or comparable frameworks) into GRC workflows. En