GRCA Manager/Director

About The Position

Requirements

• Outstanding written and spoken communication skills
• Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations
• Ability to multitask, prioritize work and meet deadlines in a fast paced environment
• Experience with AWS or another cloud service provider
• Prior experience with software companies’ compliance
• Experience with audits, risk and compliance (SOC 2, ISO27001, etc.) for cloud software products.
• 7+ years of security/IT compliance or equivalent experience

Nice To Haves

• Experience with scripting languages such as: Python, JSON etc
• Prior experience automating audit evidence collection

Responsibilities

• Work cross functionally with Security, IT, Engineering, Product and Legal to provide guidance on security controls implementation including: effectiveness, implementation and automation
• Research, build and maintain tooling for testing and continuous monitoring of security controls across multiple platforms including: AWS, Github, etc.
• Maintain the roadmap for continuous security compliance across Verkada’s Corporate, IT and Product environments with a goal of increasing automation coverage
• Assist in the development and maintenance of company-wide security policies, procedures, and plans, and support communication to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
• Communicate progress, escalations, and issue resolution to management and team stakeholders
• Create procedural documentation, including training materials or process documentation
• Build relationships with a broad range of Verkada employees at all levels to accomplish program objectives and further Verkada GRC goals.
• Implement the development and oversight of required corrective action plans relating to security compliance issues
• Perform annual security risk assessments and prepare risk treatment plans
• Conduct vendor security assessments to assess risks and evaluate security postures of new and existing third-party vendors/suppliers
• Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
• Assurance program (the A in GRCA) - Maintain the FAQ for customer questionnaires
• Collaborate on Business Impact Assessments (BIA) and annual BCP/DR activities
• Leverage AI and automation to scale the GRCA functions
• Work closely with internal and external auditors to educate them and achieve continuous compliance over technology control environment

Benefits

• Healthcare programs that can be tailored to meet the personal health and financial well-being needs - Premiums are 100% covered for the employee under at least one plan and 80% for family premiums under all plans
• Nationwide medical, vision and dental coverage
• Health Saving Account (HSA) with annual employer contributions and Flexible Spending Account (FSA) with tax saving options
• Expanded mental health support
• Paid parental leave policy & fertility benefits
• Time off to relax and recharge through our paid holidays, firmwide extended holidays, flexible PTO and personal sick time
• Professional development stipend
• Fertility Stipend
• Wellness/fitness benefits
• Healthy lunches provided daily
• Commuter benefits