GRCA Program Manager
Employment Type: Full-Time
Who We Are
Verkada is the leader in integrated cloud-managed enterprise building security. Verkada combines our cloud-managed software platform with hardware powered by edge-based processing to provide customers with a real-time view into every part of their organization. Designed with simplicity in mind, Verkada's video security cameras, access control and environmental sensors natively integrate with our platform and are virtually effortless to install, maintain, and manage across hundreds of sites. Verkada protects more than 6,000 organizations, including more than 30 of the Fortune 500.
About our team
Behind the scenes, we're a team of computer scientists, hardware engineers and experienced founders who saw a chance to make a real impact. We're united by the challenge of building beautiful products, designed for real people, and by our commitment to using technology responsibly. We believe keeping data private and secure is core to our safety as individuals, businesses and communities and we put great care into building systems that embody our values as people. Likewise, many of Silicon Valley's top investors believe in us: we're backed by Sequoia Capital, FirstRound, Meritech and Siemens (Next47).
* Work cross functionally with Security, IT, Infrastructure, Engineering, Data, and Finance to provide guidance on security controls implementation including: effectiveness, implementation and automation
* Research, build and maintain tooling for testing and continuous monitoring of security controls across multiple platforms including: AWS, GitHub, etc.
* Implement the development and oversight of required corrective action plans relating to security compliance issues
* Perform annual security risk assessments and prepare risk treatment plans
* Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
* Assurance program (the A in GRCA) - Maintain the FAQ for customer questionnaires
* Conduct vendor security assessments to assess risks and evaluate security postures of new and existing third-party vendors/suppliers
* Collaborate on Business Impact Assessments (BIA) and annual BCP/DR activities
* Assist in the development and maintenance of company-wide security policies, procedures, and plans, and support communication to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
* Contribute to our Security Awareness program. Coordinate and deliver internal security and privacy training.
* Own roadmap for continuous compliance across IT and Security control population with a goal of increasing automation coverage
* Work closely with internal and external auditors to educate them and achieve continuous compliance over technology control environment
* Communicate progress, escalations, and issue resolution to management and team stakeholders
* Create procedural documentation, including training materials or process documentation
* Build relationships with a broad range of Verkada employees at all levels to accomplish program objectives and further Verkada GRC goals.
* Outstanding written and spoken communication skills
* Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision
* Proven understanding and experience with security and audit of cloud technologies. AWS experience required
* Experience with product on audits, risk and compliance. Experience in system auditing, in-house developed systems, software code reviews, system implementations and testing of IT general controls.
* Ability to multitask, prioritize work and meet deadlines in a fast paced environment
* Focus on precision and accuracy, and the drive to clarify ambiguity
* Experience with designing and managing large-scale and complex build, deployment tools, infrastructure, test environments, and test automation.
* Understanding of NIST CSF, SOC 2, ISO27001 standards
* 7+ years of security/IT compliance or equivalent experience
* Experience with scripting languages such as: Python, JSON etc.
* BS in a technical field or equivalent experience
* Prior experience with major tech companies
* Security certifications e.g. CISSP, CISM or other relevant certifications
* Experience mapping common controls across multiple frameworks in a GRC tool
* Deep understanding of SDLC and CI/CD
* Prior experience automating audit evidence collection
* Experience with privacy compliance
Perks & Benefits
* Generous company paid medical, dental & vision insurance coverage
* Unlimited paid time off & 11 companywide paid holidays
* Wellness allowance
* Commuter benefits
* Healthy lunches and dinners provided daily
* Generous paid parental leave policy & fertility benefits
Verkada is an equal opportunity employer. We strive to be a welcoming place for everyone, and we do our best to make sure all people feel supported and connected at work. A big part of that effort is support for members and allies of our internal communities like Women at Verkada, Pride at Verkada, Multicultural at Verkada and Parents at Verkada.