GRCA Program Manager
Posted on 5/11/2021

501-1,000 employees

Video & sensor-based security systems for enterprises
Company Overview
Verkada's mission is to be the essential physical security software layer for every building, and the foundation of a larger enterprise IoT infrastructure.
Burlingame, CA, USA
Experience Level
Desired Skills
  • Outstanding written and spoken communication skills
  • Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision
  • Proven understanding and experience with security and audit of cloud technologies. AWS experience required
  • Experience with product on audits, risk and compliance. Experience in system auditing, in-house developed systems, software code reviews, system implementations and testing of IT general controls
  • Ability to multitask, prioritize work and meet deadlines in a fast-paced environment
  • Focus on precision and accuracy, and the drive to clarify ambiguity
  • Experience with designing and managing large-scale and complex build, deployment tools, infrastructure, test environments, and test automation
  • Understanding of NIST CSF, SOC 2, ISO 27001 standards
  • 7+ years of security/IT compliance or equivalent experience
  • Experience with scripting languages such as Python, JSON, etc.
  • Work cross-functionally with Security, IT, Infrastructure, Engineering, Data, and Finance to provide guidance on security controls implementation, including effectiveness, implementation and automation
  • Research, build and maintain tooling for testing and continuous monitoring of security controls across multiple platforms, including AWS, GitHub, etc.
  • Implement the development and oversight of required corrective action plans relating to security compliance issues
  • Perform annual security risk assessments and prepare risk treatment plans
  • Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
  • Assurance program (the A in GRCA) - Maintain the FAQ for customer questionnaires
  • Conduct vendor security assessments to assess risks and evaluate security postures of new and existing third-party vendors/suppliers
  • Collaborate on Business Impact Assessments (BIA) and annual BCP/DR activities
  • Assist in the development and maintenance of company-wide security policies, procedures, and plans, and support communication to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
  • Contribute to our Security Awareness program. Coordinate and deliver internal security and privacy training
  • Own the roadmap for continuous compliance across the IT and Security control population, with a goal of increasing automation coverage
  • Work closely with internal and external auditors to educate them and achieve continuous compliance over the technology control environment
  • Communicate progress, escalations, and issue resolution to management and team stakeholders
  • Create procedural documentation, including training materials or process documentation
  • Build relationships with a broad range of Verkada employees at all levels to accomplish program objectives and further Verkada GRC goals
Desired Qualifications
  • BS in a technical field or equivalent experience
  • Prior experience with major tech companies
  • Security certifications, e.g. CISSP, CISM, or other relevant certifications
  • Experience mapping common controls across multiple frameworks in a GRC tool
  • Deep understanding of SDLC and CI/CD
  • Prior experience automating audit evidence collection
  • Experience with privacy compliance