Sr. Manager IT RISK and Compliance
Looking for an innovative, high-growth company in one of the hottest segments of the security market? Look no further than Veracode!
Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at www.veracode.com!
Veracode seeks a seasoned IT Risk & Compliance professional to enhance and manage cross-functional IT risk management. This role reports to the Chief Information Security Officer and will oversee Veracode’s Compliance team. The Sr. Manager, GRC will directly supervise supporting team members by providing direction, feedback, strategy, and growth opportunities that elevate the company’s position and risk resilience.
This Sr. Manager will work cross-functionally with business partners and IT leaders to deliver solutions. A successful candidate will have proven experience operating in high-pressure situations, excellent organizational skills, an ability to handle competing priorities and a high level of planning discipline.
Key Aspects of the Role:
- Lead in the identification and mitigation of corporate IT risks
- Coordinate auditing activities of Veracode’s compliance program which includes, but is not limited to, controls that meet SOC 2 Type 2, ISO 27001 family, FedRAMP, GDPR, TPRM, Data Privacy, Business Continuity, and HIPAA business associate requirements.
- Act as a central point of contact/subject matter expert ensuring internal controls are properly designed and implemented.
- Collaborate on and, as applicable, facilitate the Company’s ongoing audit and risk assessment processes between internal/external auditors and the internal team owners and stakeholders.
- Maintain ongoing communication with the internal/external auditors, including alignment of SOC 2, ISO 27001 family, FedRAMP, and Data Privacy compliance activities.
- Manage IT compliance with customer, partner, and government requirements
- Track progress against compliance program milestones.
- Provide timely updates to the CISO that communicate status, trends, and action plans of various compliance initiatives.
- Provide education to IT Control owners focusing on demonstration of compliance requirements and share hot topics in SOC 2, GDPR, Data Privacy, Business Continuity, and ISO 27001 compliance.
- Partner with the Sales department to provide IT technical & compliance responses to customer due diligence requests
- Interface with Information Security, Legal, Procurement and business owners in the assessment of prospective and current vendors as part of Veracode’s Vendor Management Program.
- Support Veracode’s CISO in the monitoring of information security and reporting of status to the company’s Board of Directors
- Evangelize automation of controls and be an expert in governance systems
- Innovate risk sources to minimize leadership blind spots
- Become a trusted partner to business leaders
- Differentiate strategic and tactical issues while balancing resource allocation
- Use data to drive decisions and KPIs to demonstrate performance
What you’ll need:
- Minimum 10 years in an IT risk compliance role
- Minimum 5 years of direct people management
- Experience implementing / operating in a SOC 2 Type II, ISO 27001/2 environment
- Knowledge of IT controls frameworks such as NIST 800-53, PCI, CAIQ, CIS, TSC
- Holds certifications in IT security, privacy, or other related areas (CISA, CISM, CIPP)
- Experience as an IT auditor or large accounting firm consultant
- Experience with IT Infrastructure systems management or development
- Proven experience in managing people
- Excellent communication, problem solving, conflict resolution management, active listening, time management, and interpersonal skills
- Ability to work and drive results independently
- Ability to learn and adapt quickly
- Vibrant and energetic attitude, willingness to perform and get results
What we offer you:
- Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs.
- Wellness benefits to help you focus on what’s most important.
- “Take What You Need” time off policy.
- Extensive development and training offerings to help you grow your career at Veracode.
- Generous 401k match to help save for your future.
- Amazing community of professionals who take pride in what we do every day.