GRCA Program Manager
Who We Are
Verkada is the largest cloud-based B2B physical security platform company in the world. Only Verkada offers seven product lines — video security cameras, access control, environmental sensors, alarms, visitor management, mailroom management and intercoms — integrated with a single cloud-based software platform.
Designed with simplicity and scalability in mind, Verkada gives organizations the real-time insight to know what could impact the safety and comfort of people throughout their physical environment, while empowering them to take immediate action to minimize security risks, workplace frustrations and costly inefficiencies.
Founded in 2016 with more than $360M in funding raised to date, Verkada has expanded rapidly with 14 offices across three continents, 1,500+ full-time employees and 15,700+ customers across 70+ countries, including 43 companies in the Fortune 500.
About our team
Behind the scenes, we’re a team of computer scientists, hardware engineers and experienced founders who saw a chance to make a real impact. We’re united by the challenge of building beautiful products, designed for real people—and by our commitment to using technology responsibly. We believe keeping data private and secure is core to our safety as individuals, businesses and communities and we put great care into building systems that embody our values as people. Likewise, many of Silicon Valley’s top investors believe in us: we’re backed by Sequoia Capital, FirstRound, Meritech and Siemens (Next47).
Responsibilities:
- Work cross-functionally with Security, IT, Infrastructure, Engineering, Data, and Finance to provide guidance on security controls implementation, including effectiveness, implementation and automation
- Research, build and maintain tooling for testing and continuous monitoring of security controls across multiple platforms, including AWS, GitHub, etc.
- Implement the development and oversight of required corrective action plans relating to security compliance issues
- Perform annual security risk assessments and prepare risk treatment plans
- Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
- Assurance program (the A in GRCA) - Maintain the FAQ for customer questionnaires
- Conduct vendor security assessments to assess risks and evaluate security postures of new and existing third-party vendors/suppliers
- Collaborate on Business Impact Assessments (BIA) and annual BCP/DR activities
- Assist in the development and maintenance of company-wide security policies, procedures, and plans, and support communication to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
- Contribute to our Security Awareness program. Coordinate and deliver internal security and privacy training.
- Own roadmap for continuous compliance across IT and Security control population with a goal of increasing automation coverage
- Work closely with internal and external auditors to educate them and achieve continuous compliance over the technology control environment
- Communicate progress, escalations, and issue resolution to management and team stakeholders
- Create procedural documentation, including training materials or process documentation
- Build relationships with a broad range of Verkada employees at all levels to accomplish program objectives and further Verkada GRC goals.
Requirements:
- Outstanding written and spoken communication skills
- Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision
- Proven understanding and experience with security and audit of cloud technologies. AWS experience required
- Experience with product on audits, risk and compliance. Experience in system auditing, in-house developed systems, software code reviews, system implementations and testing of IT general controls.
- Ability to multitask, prioritize work and meet deadlines in a fast-paced environment
- Focus on precision and accuracy, and the drive to clarify ambiguity
- Experience with designing and managing large-scale and complex build, deployment tools, infrastructure, test environments, and test automation.
- Understanding of NIST CSF, SOC 2, and ISO 27001 standards
- 7+ years of security/IT compliance or equivalent experience
- Experience with scripting languages such as Python, JSON, etc.
Preferred Qualifications:
- BS in a technical field or equivalent experience
- Prior experience with major tech companies
- Security certifications e.g. CISSP, CISM or other relevant certifications
- Experience mapping common controls across multiple frameworks in a GRC tool
- Deep understanding of SDLC and CI/CD
- Prior experience automating audit evidence collection
- Experience with privacy compliance
Perks & Benefits
- Generous company paid medical, dental & vision insurance coverage
- Unlimited paid time off & 11 companywide paid holidays
- Wellness allowance
- Commuter benefits
- Healthy lunches and dinners provided daily
- Generous paid parental leave policy & fertility benefits