Responsibilities:

• Work cross functionally with Security, IT, Infrastructure, Engineering, Data, and Finance to provide guidance on security controls implementation including: effectiveness, implementation and automation
• Research, build and maintain tooling for testing and continuous monitoring of security controls across multiple platforms including: AWS, Github, etc.
• Implement the development and oversight of required corrective action plans relating to security compliance issues
• Perform annual security risk assessments and prepare risk treatment plans
• Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
• Assurance program (the A in GRCA) - Maintain the FAQ for customer questionnaires
• Conduct vendor security assessments to assess risks and evaluate security postures of new and existing third-party vendors/suppliers
• Collaborate on Business Impact Assessments (BIA) and annual BCP/DR activities
• Assist in the development and maintenance of company-wide security policies, procedures, and plans, and support communication to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
• Contribute to our Security Awareness program. Coordinate and deliver internal security and privacy training.
• Own roadmap for continuous compliance across IT and Security control population with a goal of increasing automation coverage 
• Work closely with internal and external auditors to educate them and achieve continuous compliance over technology control environment 
• Communicate progress, escalations, and issue resolution to management and team stakeholders 
• Create procedural documentation, including training materials or process documentation 
• Build relationships with a broad range of Verkada employees at all levels to accomplish program objectives and further Verkada GRC goals.

Requirements:

• Outstanding written and spoken communication skills
• Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision 
• Proven understanding and experience with security and audit of cloud technologies. AWS experience required
• Experience with product on audits, risk and compliance. Experience in system auditing, in-house developed systems, software code reviews, system implementations and testing of IT general controls.
• Ability to multitask, prioritize work and meet deadlines in a fast paced environment
• Focus on precision and accuracy, and the drive to clarify ambiguity
• Experience with designing and managing large-scale and complex build, deployment tools, infrastructure, test environments, and test automation.
• Understanding of NIST CSF, SOC 2, ISO27001 standards
• 7+ years of security/IT compliance or equivalent experience
• Experience with scripting languages such as: Python, JSON etc 

Preferred Qualifications:

• BS in a technical field or equivalent experience 
• Prior experience with major tech companies
• Security certifications e.g. CISSP, CISM or other relevant certifications
• Experience mapping common controls across multiple frameworks in a GRC tool
• Deep understanding of SDLC and CI/CD
• Prior experience automating audit evidence collection 
• Experience with privacy compliance

Perks & Benefits

• Generous company paid medical, dental & vision insurance coverage 
• Unlimited paid time off & 11 companywide paid holidays 
• Wellness allowance 
• Commuter benefits 
• Healthy lunches and dinners provided daily 
• Generous paid parental leave policy & fertility benefits