Manager Of IT Security Risk And Compliance

Veeva Systems, Columbus, OH 43216

Posted 3 months ago

At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries, enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.

The Role

As the Manager of Risk and Compliance, you will be responsible for monitoring company risk and helping to ensure compliance with changing regulation and legislation. You will be responsible for monitoring compliance with security standards, internal periodic security maintenance, internal security audits, third-party security assessments, and coordinating external annual audits. You will foster a compliance culture throughout Veeva, communicating effectively and building positive relationships with other Veeva teams.

What You'll Do

  • Coordinate/Monitor/Review annual audits by third-party assessors (ISO27001, ISO27017, ISO27108, SOC2 Type 2, HIPAA, HiTrust)

  • Monitor changes to core standards such as NIST 800-53, NIST 800-64, NIST 800-37 and others

  • Build an internal audit evidence collection framework, focused on automation first

  • Manage the security risk profile and scores

  • Monitor compliance with Veeva policies and procedures

  • Identify policy and process improvement opportunities, develop recommendations and communicate with stakeholders in a collaborative manner

  • Advise management on risk and control issues and provide practical recommendations to ensure risks are appropriately managed.

  • Lead in recruiting, supervising, training and evaluating the performance of staff auditors

  • Represent the Security team in customer-facing audits.

Requirements

  • Bachelor's degree

  • 5+ years of relevant internal audit and/or compliance experience

  • Experience with ISO27001, ISO27017, ISO27018, SOC2 Type 2, HIPAA, HiTrust, NIST

  • Experience as a people manager with a focus on associate development

  • Strong oral and written communication skills

  • Ability to form working relationships with both internal and external stakeholders

  • Ability to work independently or as a member of a team

Nice to Have

  • CISA, CISSP, CIA or other professional certification

  • Experience building automated processes

Perks & Benefits

  • Flexible PTO

  • Healthy, free, provided lunches and snacks every day

  • Allocations for continuous learning & development

  • Discounted gym membership

Veeva's headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.

Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.
