Risk and Compliance Analyst
Posted on 2/17/2023

501-1,000 employees

Enterprise AI solutions platform
Company Overview
Veritone's mission is to democratize artificial intelligence and build a safer, more vibrant, transparent, and empowered society. The company is determined to invent new ways to enhance creativity and productivity like never before by investing in the unrealized potential of AI to unlock the future that once existed only in dreams.
Remote in USA
Experience Level
Desired Skills
Legal & Compliance
  • 5+ years of related work experience building or operating programs to mitigate risks around security, confidentiality, integrity, availability, and privacy. Preferred prior experience in Information Security, Governance Risk or Compliance, or relevant Audit / Assessments functions
  • A proven track record in a security / operational risk management team with direct experience in conducting and analyzing security risk assessments
  • Extensive experience with maintaining information security framework programs, including related regulatory compliance requirements, such as FedRAMP, ISO 27001 / ISO 27002, SOC 2, GDPR, NIST Cyber Security Framework (CSF) / 800-53, CIS Critical Security Controls
  • Strong knowledge of audit and risk management methodologies, such as SOX, COBIT, NIST RMF / 800-37 / 800-30, FAIR
  • Proficient with Atlassian products, G-Suite applications, and GRC tools, such as ZenGRC / ServiceNow / MetricStream
  • Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms)
  • Ability to collaborate across interdisciplinary teams to achieve tactical and strategic goals; an innovative teammate, problem solver, and consultant
  • Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function
  • Excellent written and verbal communication, interpersonal and collaborative skills
  • Ability to effectively prioritize and execute tasks in high-pressure situations
  • Understanding of cloud, SaaS, and IoT architectures, and their implications on information security strategy
  • Build, drive and contribute to security and compliance tasking to facilitate continuous improvement and ensure alignment with the overall governance, risk management, and compliance strategy
  • Lead risk mitigation or risk acceptance conversations and help stakeholders reach a common understanding of the risks and tradeoffs, and a defined plan to either mitigate or accept the risk(s)
  • Develop and/or deliver regular risk metrics and reporting to GRC Management and VSEC / Staff leadership and management committees such as the Security Committee or Board Risk Committee
  • Build and maintain strong cross-functional relationships across the organization to help with expectation setting, training and awareness, and promote consistency and improvement in our processes
  • Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our risk management processes
  • Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure adequate security controls are in place to manage risk and are aligned with leading best practices
  • Help support various parts of the company to adopt a common risk management process, this may include joining other Security GRC projects (e.g., Third Party Risk Management, M&A Due Diligence, Risk & Compliance Assessments) or other projects adjacent to our Security GRC program objectives
  • Keep up with relevant regulation, emerging threats, forecasts, policies and best practices, and maintain a mindset of constant innovation to consider possibilities in advancing our risk management framework
Desired Qualifications
  • Bachelor of Science Degree in Engineering Technology, Computer Science, or equivalent
  • Relevant professional certifications in Information Security or Governance Risk Compliance Management is a plus, such as CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK