At Vera, we're building the trusted standard for securing and sharing information. Join us!
Vera is changing the way businesses around the world protect enterprise data. The Vera platform provides dynamic data protection for any kind of information, on any device, and gives you the power to revoke access at any time. We've built a smart, creative, and focused team, solving tough challenges in a diverse, fun, and flexible work environment. Together, we can change how security services are built, deployed, and delivered to enterprises.
Backed by Battery Ventures, Sutter Hill Ventures, Amplify Partners, Capital One Growth Ventures, and some of Silicon Valley’s most notable cyber-security angel investors, we're changing the way security works for the enterprise.
Are you an Information Systems Security & Compliance Manager with a strong understanding of privacy and compliance that can lead and collaborate across multiple organizations on information security, compliance and privacy? The Information Security and Compliance Manager is responsible for overseeing security assurance programs, reporting on compliance levels, identifying non-compliance issues and security vulnerabilities, and managing remediation activities. An important part of the role is leading the end-to-end process of vulnerability identification, investigation, remediation, verification and continuous process improvement including automation. This mission critical role acts as the central conductor for required technical and project related activities across a cross functional organization. The mission of this position is to build a Security Assurance program that will proactively reduce cyber risk to the organization.
Additional responsibilities may be asked as deemed necessary.
- Coordinate the implementation of System Security programs across Cloud infrastructure platforms and establish continued vulnerability reporting criteria.
- Drive the SOC2 audit process and ensure ongoing compliance.
- Advise company leadership on System Security shortfalls and areas needing improvement or modification.
- Conduct extensive investigations and analysis of largely undefined factors and conditions to determine the nature and scope of System Security problems and devise effective and efficient solutions
- Responsible for reviewing proposed new systems, networks, and software designs for potential System Security risks and resolving integration issues related to the implementation of new systems with the existing Cloud infrastructure
- Conduct the monitoring of new or emerging information technologies to assist in the identification of most effective approach or methodology to be applied in securing the Cloud infrastructures.
- Implement higher-level System Security requirements such as those resulting from laws, regulations, or Government directives by developing long-range plans for System Security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with Cloud infrastructures’ vulnerabilities.
- Ensures forensic and malware analytical activities are conducted within the organizations Cloud infrastructure platforms according to internal standards
- Help drive and support internal privacy programs including the EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
- Lead, coordinate and manage internal and external assessments of lead privacy program and processes.
- Support internal privacy processes such as subject access requests, data records of processing activities, and privacy impact assessments.
- Support the develop and maintain privacy documentation such as privacy notices and policies.
- Collaborate with business owners to prioritize projects and solutions to reduce privacy risk and improve compliance.
- Support the review new product features and designs and provide guidance on requirements impacting Rubrik’s privacy compliance framework.
- Support accurately and effectively VERAs privacy program to customers.
- Educate and train process owners about privacy and data protection.
- Periodically assess our existing customer offerings and products for security vulnerabilities and detail your findings for our Product & Engineering team to mitigate any exposure.
- Minimum of 5+ years of experience in providing high level technical advice and counsel to top management and other key officials on matters relating to new or modified IT policies and programs that affect or relate to current and existing System Security functions and programs
- Minimum of 3+ years' experience ensuring the confidentiality, availability and integrity of IT systems.
- BS level technical degree required; Computer Science or Math background preferred
- This position requires that the candidate selected be a U.S. citizen.
- 5+ years of experience in Privacy, Data Protection, Privacy Engineering, and/or Information Security Compliance.
- Experience with regional privacy requirements throughout Asia, Europe, and the US and negotiating data protection agreements with customers and vendors.
- Expertise with topics such as EU-US and Swiss-US Privacy Shield, GDPR, data controllers, and data processors.
- Familiarity with security and privacy standards such as SOC, ISO 27001, ISO 27018, FEDRAMP, EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
- Demonstrated experience in developing and managing a privacy compliance program that balances risk and the needs of the business.
- Experience with Software-as-a-Service or cloud service providers industry challenges.
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate privacy concepts to a broad range of technical and non-technical staff.
- Demonstrated success working with internal audit, external auditors, outside consultants, and legal counsel.
- Equally comfortable working with other members of the team, as well as independently.
- Strong technical foundation to be able to develop VERA privacy program best practices based on compliance requirements and VERA systems and processes.
- Ability to manage multiple projects and deliver quality work to deadlines
- CIPP, CIPM, CIPT, CISSP, or other related certifications
- Experience in making recommendations for resolving System Security problems and requirements for multiple platforms that utilize a common Cloud infrastructure that Government customers leverage as an enterprise compute environment
- Delivery - Engagements that include projects proving the use of AWS cloud services to support new secure computing solutions that often span the Governments customers’ enterprise infrastructure. Engagements will include the secure migration of existing applications and development of new applications using AWS cloud services
- Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
- Experience working with Risk Management Framework (RMF) and Security Controls Traceability Matrix (SCTM)
- Experience with Amazon Web Services
- Developing and interpreting policies, procedures, and strategies governing the planning and delivery of System Security services throughout an enterprise Cloud infrastructure;
- Providing technical advice, guidance, and recommendations to high level management officials and technical staff on critical System Security issues
- Applying knowledge of IT project management principles, methods, and practices to develop plans and schedules, estimate resource requirements, define milestones and deliverables, monitor activities, and evaluate and report on accomplishments
- Demonstrated experience administering Linux and Windows operating systems in accordance with applicable security controls
- Knowledge of Export Compliance Control
What you will get:
- A great team-oriented environment
- The freedom to be creative and make a difference
- Competitive Compensation package
- Excellent medical benefits