GRCA Program Manager @ Verkada

GRCA Program Manager

Posted on 5/11/2021

INACTIVE

501-1,000 employees

Video & sensor-based security systems for enterprises

Company Overview

Verkada's mission is to be the essential physical security software layer for every building, and the foundation of a larger enterprise IoT infrastructure.

Locations

Burlingame, CA, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Git

Python

Communications

Requirements

Outstanding written and spoken communication skills
Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision
Proven understanding and experience with security and audit of cloud technologies. AWS experience required
Experience with product on audits, risk and compliance. Experience in system auditing, in-house developed systems, software code reviews, system implementations and testing of IT general controls
Ability to multitask, prioritize work and meet deadlines in a fast paced environment
Focus on precision and accuracy, and the drive to clarify ambiguity
Experience with designing and managing large-scale and complex build, deployment tools, infrastructure, test environments, and test automation
Understanding of NIST CSF, SOC 2, ISO27001 standards
7+ years of security/IT compliance or equivalent experience
Experience with scripting languages such as: Python, JSON etc

Responsibilities

Work cross functionally with Security, IT, Infrastructure, Engineering, Data, and Finance to provide guidance on security controls implementation including: effectiveness, implementation and automation
Research, build and maintain tooling for testing and continuous monitoring of security controls across multiple platforms including: AWS, Github, etc
Implement the development and oversight of required corrective action plans relating to security compliance issues
Perform annual security risk assessments and prepare risk treatment plans
Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
Assurance program (the A in GRCA) - Maintain the FAQ for customer questionnaires
Conduct vendor security assessments to assess risks and evaluate security postures of new and existing third-party vendors/suppliers
Collaborate on Business Impact Assessments (BIA) and annual BCP/DR activities
Assist in the development and maintenance of company-wide security policies, procedures, and plans, and support communication to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
Contribute to our Security Awareness program. Coordinate and deliver internal security and privacy training
Own roadmap for continuous compliance across IT and Security control population with a goal of increasing automation coverage
Work closely with internal and external auditors to educate them and achieve continuous compliance over technology control environment
Communicate progress, escalations, and issue resolution to management and team stakeholders
Create procedural documentation, including training materials or process documentation
Build relationships with a broad range of Verkada employees at all levels to accomplish program objectives and further Verkada GRC goals

Desired Qualifications

BS in a technical field or equivalent experience
Prior experience with major tech companies
Security certifications e.g. CISSP, CISM or other relevant certifications
Experience mapping common controls across multiple frameworks in a GRC tool
Deep understanding of SDLC and CI/CD
Prior experience automating audit evidence collection
Experience with privacy compliance

Who We Are

Verkada is the largest cloud-based B2B physical security platform company in the world. Only Verkada offers seven product lines — video security cameras, access control, environmental sensors, alarms, visitor management, mailroom management and intercoms — integrated with a single cloud-based software platform.

Designed with simplicity and scalability in mind, Verkada gives organizations the real-time insight to know what could impact the safety and comfort of people throughout their physical environment, while empowering them to take immediate action to minimize security risks, workplace frustrations and costly inefficiencies.

Founded in 2016 with more than $360M in funding raised to date, Verkada has expanded rapidly with 14 offices across three continents, 1,500+ full-time employees and 15,700+ customers across 70+ countries, including 43 companies in the Fortune 500.

About our team

Behind the scenes, we’re a team of computer scientists, hardware engineers and experienced founders who saw a chance to make a real impact. We’re united by the challenge of building beautiful products, designed for real people—and by our commitment to using technology responsibly. We believe keeping data private and secure is core to our safety as individuals, businesses and communities and we put great care into building systems that embody our values as people. Likewise, many of Silicon Valley’s top investors believe in us: we’re backed by Sequoia Capital, FirstRound, Meritech and Siemens (Next47).

Responsibilities:

Work cross functionally with Security, IT, Infrastructure, Engineering, Data, and Finance to provide guidance on security controls implementation including: effectiveness, implementation and automation
Research, build and maintain tooling for testing and continuous monitoring of security controls across multiple platforms including: AWS, Github, etc.
Implement the development and oversight of required corrective action plans relating to security compliance issues
Perform annual security risk assessments and prepare risk treatment plans
Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
Assurance program (the A in GRCA) - Maintain the FAQ for customer questionnaires
Conduct vendor security assessments to assess risks and evaluate security postures of new and existing third-party vendors/suppliers
Collaborate on Business Impact Assessments (BIA) and annual BCP/DR activities
Assist in the development and maintenance of company-wide security policies, procedures, and plans, and support communication to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
Contribute to our Security Awareness program. Coordinate and deliver internal security and privacy training.
Own roadmap for continuous compliance across IT and Security control population with a goal of increasing automation coverage
Work closely with internal and external auditors to educate them and achieve continuous compliance over technology control environment
Communicate progress, escalations, and issue resolution to management and team stakeholders
Create procedural documentation, including training materials or process documentation
Build relationships with a broad range of Verkada employees at all levels to accomplish program objectives and further Verkada GRC goals.

Requirements:

Outstanding written and spoken communication skills
Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision
Proven understanding and experience with security and audit of cloud technologies. AWS experience required
Experience with product on audits, risk and compliance. Experience in system auditing, in-house developed systems, software code reviews, system implementations and testing of IT general controls.
Ability to multitask, prioritize work and meet deadlines in a fast paced environment
Focus on precision and accuracy, and the drive to clarify ambiguity
Experience with designing and managing large-scale and complex build, deployment tools, infrastructure, test environments, and test automation.
Understanding of NIST CSF, SOC 2, ISO27001 standards
7+ years of security/IT compliance or equivalent experience
Experience with scripting languages such as: Python, JSON etc

Preferred Qualifications:

BS in a technical field or equivalent experience
Prior experience with major tech companies
Security certifications e.g. CISSP, CISM or other relevant certifications
Experience mapping common controls across multiple frameworks in a GRC tool
Deep understanding of SDLC and CI/CD
Prior experience automating audit evidence collection
Experience with privacy compliance

Perks & Benefits

Generous company paid medical, dental & vision insurance coverage
Unlimited paid time off & 11 companywide paid holidays
Wellness allowance
Commuter benefits
Healthy lunches and dinners provided daily
Generous paid parental leave policy & fertility benefits