Senior Governance, Risk & Compliance Analyst
Looking for an innovative, high-growth company in one of the hottest segments of the security market? Look no further than Veracode!
Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at www.veracode.com!
Key Aspects of the Role:
Responsibilities:
- Coordinate auditing activities of Veracode’s compliance program, which includes, but is not limited to, controls that meet SOC 2 Type II, the ISO 27001 family, NIST 800-53, FedRAMP, GDPR, Third-party Risk Management, Data Privacy and Business Continuity.
- Educate IT control owners on how to demonstrate compliance requirements, and share current topics in SOC 2 Type II, the ISO 27001 family, NIST 800-53, FedRAMP, GDPR, Third-party Risk Management, Data Privacy and Business Continuity.
- Select Security and Privacy awareness training and monitor completion of it across the company.
- Interface with Information Security, Legal, Procurement and business owners in the assessment of prospective and current vendors as part of Veracode’s Vendor Management Program.
- Participate in the identification, mitigation & quantification of corporate IT risks.
- Participate in implementing disaster recovery (DR) and Business Continuity Planning (BCP) practices.
- Participate in Access Reviews of key systems to ensure appropriate access.
- Act as a subject matter expert ensuring internal controls are properly designed and implemented.
- Collaborate on, and where applicable facilitate, the Company’s ongoing audit and risk assessment processes between internal/external auditors and the internal control owners and stakeholders.
- Coordinate IT compliance with customer, partner, and government requirements.
- Provide timely updates to Compliance Manager and CISO that communicate status, trends, and action plans of various compliance initiatives.
- Partner with Sales department to provide IT technical & compliance responses to customer due diligence requests.
- Support Veracode’s CISO in the monitoring of information security and reporting of status to the Company’s Board of Directors.
- Use data to drive decisions and KPIs to demonstrate performance.
Qualifications:
- 3-5 years’ experience in an IT Risk and Compliance role.
- Experience implementing or operating, or knowledge of, a SOC 2 Type II, NIST 800-53, ISO 27001/27002, and/or FedRAMP Moderate environment.
- Experience assessing vendors from a security risk perspective and presenting recommendations to management.
- Preferred: Holds certifications in IT security, privacy, or other related areas (CISA, CRISC, CISSP, CIPP)
- Excellent communication, problem solving, conflict / resolution management, active listening, time management, and interpersonal skills.
- Ability to work and drive results independently and collaboratively.
- Ability to learn and adapt quickly.
- Vibrant and energetic attitude, willingness to perform and get results.
What we offer you:
- Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs.
- Wellness benefits to help you focus on what’s most important.
- “Take What You Need” time off policy.
- Extensive development and training offerings to help you grow your career at Veracode.
- Generous 401(k) match to help save for your future.
- Amazing community of professionals who take pride in what we do every day.