Sr. Manager IT RISK and Compliance

Looking for an innovative, high-growth company in one of the hottest segments of the security market?  Look no further than Veracode! 

Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at www.veracode.com! 

Veracode seeks a seasoned IT Risk & Compliance professional to enhance and manage cross-functional IT risk management. This role reports to the Chief Information Security Officer and will oversee the Compliance team for Veracode. Sr. Manager GRC will directly supervise supporting team members by providing direction, feedback, strategy, and growth opportunities that elevate the company’s position and risk resilience. 

This Sr. Manager will work cross-functionally with business partners and IT leaders to deliver solutions. A successful candidate will have proven experience operating in high-pressure situations, excellent organizational skills, an ability to handle competing priorities and a high level of planning discipline.  
 
Key Aspects of the Role: 

• Lead in the identification and mitigation of corporate IT risks
• Coordinate auditing activities of Veracode’s compliance program which includes, but is not limited to, controls that meet SOC 2 Type 2, ISO 27001 family, FedRAMP, GDPR, TPRM, Data Privacy, Business Continuity, and HIPAA business associate requirements.
• Act as a central point of contact/subject matter expert ensuring internal controls are properly designed and implemented.
• Collaborate with and facilitate as applicable the Company’s on-going audit and risk assessment processes between internal/external auditors and the internal team owners and stakeholders.
• Maintain on-going communication with the internal/external auditors including alignment of SOC 2, ISO 27001 family, FedRAMP, and Data Privacy compliance activities.
• Manage IT compliance with customer, partner, and government requirements
• Track progress against compliance program milestones.
• Provide timely updates to CISO that communicate status, trends, and action plans of various compliance initiatives.
• Provide education to IT Control owners focusing on demonstration of compliance requirements and share hot topics in SOC 2, GDPR, Data Privacy, Business Continuity, and ISO 27001 compliance.
• Partner with Sales department to provide IT technical & compliance responses to customer due diligence requests
• Interface with Information Security, Legal, Procurement and business owners in the assessment of prospective and current vendors as part of Veracode’s Vendor Management Program.
• Support Veracode’s CISO in the monitoring of information security, and reporting of status to the company’s Board of Directors
• Evangelize automation of controls and be an expert in governance systems
• Innovate risk sources to minimize leadership blind spots
• Become a trusted partner to business leaders
• Differentiate strategic and tactical issues while balancing resource allocation
• Use data to drive decisions and KPIs to demonstrate performance

What you’ll need: 

• Minimum 10 years in an IT risk compliance role
• Minimum 5 years of direct people management
• Experience implementing / operating in a SOC 2 Type II, ISO 27001/2 environment
• Knowledge of IT controls frameworks such as NIST 800:53, PCI, CIAQ, CIS, TSC
• Holds certifications in IT security, privacy, or other related areas (CISA, CISM, CIPP)
• Experience as an IT auditor or large accounting firm consultant
• Experience with IT Infrastructure systems management or development
• Proven experience in managing people
• Excellent communication, problem solving, conflict / resolution management, active listening, time management, and interpersonal skills
• Ability to work and drive results independently
• Ability to learn and adapt quickly
• Vibrant and energetic attitude, willingness to perform and get results

What we offer you:  

• Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs.  
• Wellness benefits to help you focus on what’s most important. 
• “Take What You Need” time off policy.  
• Extensive development and training offerings to help you grow your career at Veracode. 
• Generous 401k match to help save for your future. 
• Amazing community of professionals who take pride in what we do every day.