Security Compliance Analyst

Veeva Systems

๐Ÿ“Remote - United States

Summary

Join Veeva Systems, a leading life sciences industry cloud company, as a Security and Compliance Analyst. You will play a key role in ensuring compliance with ISO 27001, SOC 2, and other standards. Responsibilities include planning audits, identifying control gaps, advising internal teams, collecting evidence, and managing interactions with external auditors. You will also advise management on risk and control issues and contribute to improving compliance operations. This position requires at least five years of experience in ISO 27001 or SOC 2 compliance, including mastery of relevant controls and stakeholder engagement. Veeva offers a flexible work environment and a comprehensive benefits package.

Requirements

  • At least five years of experience leading organizations to obtain or retain ISO 27001 certification, or at least five years of experience leading organizations to achieve a “clean” SOC 2 Type 2 report
  • Mastery of the requirements for all the controls in the ISO 27001 and/or SOC 2 standards
  • Engaging stakeholders (internal customers, executive leadership, technology and business teams) to motivate and influence behaviors and decisions in support of compliance
  • Deep experience in assessing control gaps and advising engineering and business process teams on closing those gaps
  • Generating and collecting evidence necessary to demonstrate adherence to the ISO 27001 and SOC 2 standards
  • Reviewing and organizing evidence to ensure that it can be used to demonstrate standards compliance
  • Managing the audit process to ensure that auditors receive the necessary information and adhere to the correct audit scope
  • At least two years of technical or compliance experience with services built and implemented in a public cloud service (e.g., AWS, Azure, Google Cloud)
  • Demonstrated experience and track record of success working in a team-oriented, collaborative environment
  • Demonstrated ability to lead and work independently
  • Highly attentive to details
  • Strong verbal and written communication skills

Responsibilities

  • Plan annual ISO, SOC 2, and other third-party audits from start to finish; perform gap assessments and advise on gap closure; collect, review and catalog evidence; present evidence to auditors to make the case for compliance; and manage the overall interactions with external auditors
  • Serve as an advisor to engineering, IT, and business process teams to assist them in supporting compliance efforts
  • Advise management on risk and control issues, and provide practical recommendations to ensure that risks are properly managed
  • Collaborate with senior leaders to determine audit scope
  • Monitor compliance with Veeva policies and procedures
  • Communicate status with senior leaders and other stakeholders
  • Analyze and evaluate other audit frameworks to determine applicability and compliance resource requirements
  • Identify policy and process improvement opportunities and automation opportunities, develop recommendations, and communicate with stakeholders collaboratively

Preferred Qualifications

  • Experience with FISMA, FedRAMP, SOX, HIPAA regulations/compliance frameworks
  • Relevant certifications such as CISSP, CISA, CRISC, CIPP, CIPM, CIPT
  • Technical experience in an engineering, software development, or technical support role
  • Bachelor’s degree in computer science, information security, or other related discipline

Benefits

  • Medical, dental, vision, and basic life insurance
  • Flexible PTO and company paid holidays
  • Retirement programs
  • 1% charitable giving program
