IT Risk and Compliance Professional

Remote, US

Applications have closed

Veracode

Veracode's mission is to ensure that software is secure from the start. With our platform you can continuously find and fix security flaws throughout the software development lifecycle. Veracode brings security and development teams together.

Looking for an innovative, high-growth company in one of the hottest segments of the security market? Look no further than Veracode!

Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at www.veracode.com!

Veracode is seeking a seasoned IT Risk & Compliance professional to enhance and lead a cross-functional Governance, Risk and Compliance program.

The Analyst will work cross-functionally with business partners and IT leaders to deliver solutions. A successful candidate will have proven experience operating in high-pressure situations, excellent organization skills, an ability to handle competing priorities and a high level of planning discipline.

Responsibilities:

  • Coordinate auditing activities of Veracode’s compliance program which includes, but is not limited to, controls that meet SOC 2 Type 2, ISO 27001 family, FedRAMP, GDPR, Third party risk management, Data Privacy and Business Continuity.
  • Lead in the identification and mitigation of corporate IT risks
  • Act as a central point of contact/subject matter expert ensuring internal controls are properly designed and implemented.
  • Collaborate with and facilitate as applicable the Company’s on-going audit and risk assessment processes between internal/external auditors and the internal team owners and stakeholders.
  • Maintain on-going communication with the internal/external auditors including alignment of SOC 2, ISO 27001 family, FedRAMP, and Data Privacy compliance activities.
  • Manage IT compliance with customer, partner, and government requirements.
  • Provide timely updates to the compliance manager that communicate status, trends, and action plans of various compliance initiatives.
  • Provide education to IT Control owners focusing on demonstration of compliance requirements and share hot topics in SOC 2, GDPR, Data Privacy, Business Continuity, and ISO 27001 compliance.
  • Partner with Sales department to provide IT technical & compliance responses to customer due diligence requests.
  • Interface with Information Security, Legal, Procurement and business owners in the assessment of prospective and current vendors as part of Veracode’s Vendor Management Program.
  • Support Veracode’s CISO in the monitoring of information security, and reporting of status to the company’s Board of Directors
  • Use data to drive decisions and KPIs to demonstrate performance.

Qualifications:

  • Minimum 5 years in an IT risk compliance role
  • Experience implementing / operating in a SOC 2 Type II, ISO 27001/2 environment
  • Knowledge of IT controls frameworks such as NIST 800-53, PCI, CAIQ, CIS, TSC
  • Holds certifications in IT security, privacy, or other related areas (CISA, CISM, CIPP)
  • Experience as an IT auditor or large accounting firm consultant
  • Experience with IT Infrastructure systems management or development
  • Excellent communication, problem solving, conflict / resolution management, active listening, time management, and interpersonal skills.
  • Ability to work and drive results independently.
  • Ability to learn and adapt quickly.
  • Vibrant and energetic attitude, willingness to perform and get results.

Tags: Agile Application security Audits CIPP CISA CISM Compliance FedRAMP GDPR Governance ISO 27001 IT infrastructure KPIs Monitoring NIST Privacy Risk assessment Risk management SaaS SOC 2 Vendor management Veracode

Perks/benefits: Startup environment

Regions: Remote/Anywhere North America
Country: United States
Category: Compliance Jobs