At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
The Senior Manager, Cybersecurity GRC People and Policy is a critical leadership position within F5. Reporting directly to the VP of Cybersecurity Governance, Risk, and Compliance (GRC), you will oversee and expand global programs focused on risk mitigation, compliance training, vulnerability assurance, and corporate information security policies.
This role operates under F5’s Freedom to Flex hybrid work model, blending remote flexibility with intentional, purposeful in-office collaboration. As a team leader, you will directly manage a cross-functional squad of specialized analysts and developers to secure F5's people element and strengthen its security posture.
Key Responsibilities
Team Leadership & People Management
- Directly manage and coach a dedicated team of four specialized domains:
- Policy & Standards Development Analyst: Overseeing the corporate policy lifecycle.
- Vulnerability Assurance Analysts: Identifying and assessing people-centric and system vulnerabilities.
- Training Developer: Designing high-impact, modern security learning content.
- Training Compliance Analysts: Tracking mandatory completion rates and ensuring audit readiness.
- Foster an inclusive environment that aligns with F5's human-first culture and core company values.
- Set performance metrics and OKRs for individual contributors, tracking delivery against the broader GRC roadmap.
Risk & Vulnerability Assurance
- Oversee risk profiling and threat modeling alongside Vulnerability Assurance Analysts to target high-risk internal groups.
- Mature the phishing simulation program by introducing adaptive learning paths based on real-time vulnerability data.
- Transform security culture from simple compliance checklists into persistent, measurable behavioral improvements across F5.
Global Training Strategy & Compliance
- Lead the strategic direction of F5’s corporate security awareness training programs, ensuring fulfillment of onboarding and annual compliance requirements.
- Direct the Training Developer in creating interactive content that addresses specialized topics, including Secure Software Development Lifecycle (SSDLC), global data privacy, and data classification.
- Ensure strict adherence to training compliance standards to support external SOC2, ISO 27001, and regulatory audits.
Policy & Standards Governance
- Govern the end-to-end lifecycle of F5’s global cybersecurity policies, standards, and procedures.
- Guide the Policy Analyst in translating complex legal, technical, and regulatory shifts into plain-language rules for business units.
- Collaborate with legal, HR, engineering, and other executives to secure alignment and formal sign-off on updated policies.
Role Requirements
Experience & Leadership
- 8+ years of experience in cybersecurity GRC, information security policy, or security awareness management.
- 3+ years of direct people management experience leading technical and non-technical teams in a corporate environment.
- Proven track record of building and scaling people risk or vulnerability assurance programs in tech or security industries.
Education & Certifications
- Bachelor’s degree in Cybersecurity, Computer Science, Technical Communications, or a related field (or equivalent professional experience).
- Preferred certifications: CISSP, CISM, CRISC, or SANS Security Awareness Professional (SSAP).
Skills & Workplace Attributes
- Strategic communication skills required to deliver risk insights and program performance updates to the VP of GRC.
- Ability to manage distributed teams within F5's Freedom to Flex hybrid framework.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].
Skills Required
- 8+ years of experience in cybersecurity GRC, information security policy, or security awareness management.
- 3+ years of direct people management experience leading technical and non-technical teams in a corporate environment.
- Proven track record of building and scaling people risk or vulnerability assurance programs in tech or security industries.
- Bachelor's degree in Cybersecurity, Computer Science, Technical Communications, or a related field (or equivalent professional experience).
- Preferred certifications: CISSP, CISM, CRISC, or SANS Security Awareness Professional (SSAP).
- Strategic communication skills to present risk insights and program performance to executive leadership.
- Ability to manage distributed teams within a hybrid (Freedom to Flex) work framework.
F5 Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about F5 and has not been reviewed or approved by F5.
-
Equity Value & Accessibility — Equity grants and an employee stock purchase plan are positioned as meaningful parts of total compensation, with RSUs and a discount ESPP commonly included. Pay packages for many technical roles are considered competitive when equity is taken into account.
-
Leave & Time Off Breadth — Paid vacation that increases with tenure, sick time, paid holidays, and paid family leave are prominently featured. Additional programs like volunteer time and periodic wellness long weekends are highlighted as part of the time-off ecosystem.
-
Inclusive Benefits Coverage — Health plans include travel support for specific care (such as reproductive and gender‑affirming services) and mental health resources, alongside comprehensive medical, dental, and vision coverage. These elements are presented as part of a broad, inclusive approach to healthcare.
F5 Insights
What We Do
F5 application services ensure that applications are always secure and perform the way they should—in any environment and on any device. F5 (NASDAQ: FFIV) powers applications from development through their entire life cycle, across any multi-cloud environment, so our customers – enterprise businesses, service providers, governments, and consumer brands—can deliver differentiated, high-performing, and secure digital experiences.







