Senior Security Compliance Analyst

Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $2B in revenue in our last fiscal year with extensive growth potential ahead.
At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We're not just any public company we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.
As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.
Join us in transforming the life sciences industry , committed to making a positive impact on its customers, employees, and communities.
The Role
As a Senior Security Compliance analyst, you will lead all efforts for select Veeva products in support of ISO 27001, SOC 2, and other third-party compliance audits. Veeva will count on you to deliver successful audit results and enhance the overall effectiveness of its compliance efforts.
Strong teamwork skills and an ability to operate with little or no direction are essential to success in this role. What You'll Do

• With little oversight, you will plan and facilitate annual ISO 27001, SOC 2, and other third-party audits from start to finish and ensure successful outcomes
• Prepare internal teams for an audit, ensuring controls, evidence, and appropriate documentation are in place
• Work with product and other internal teams to identify control gaps
• Provide expert guidance on how to close control gaps
• Monitor gap closure efforts
• Collect, organize, and review control evidence
• Manage and coordinate interactions with external auditors, subject matter experts, and other stakeholders
• Write or update policy, procedures, reports, and other documents as needed
• Effectively present Veevas case for compliance to auditors
• Serve as subject matter expert in the relevant security compliance frameworks, auditing procedures, and evidence requirements
• Serve as an advisor to engineering, IT, and business process teams to assist them in supporting compliance efforts
• Advise management on security risk and control issues, and provide practical recommendations to ensure that security risks are properly managed
• Collaborate with senior leaders to determine audit scope
• Communicate status, opportunities, and compliance risks with senior leaders and other stakeholders
• Analyze and evaluate audit frameworks to determine applicability and compliance resource requirements
• Identify policy and process improvement opportunities, automation opportunities, develop recommendations, and communicate with stakeholders collaboratively
• At all times you will be expected to communicate effectively and build positive relationships with other Veeva teams

Requirements

• 5+ years of experience in roles where the primary responsibilities are centered on achieving successful ISO 27001 or SOC 2 Type 2 audit results. This includes:
• Mastery of the requirements for all the controls in the ISO 27001 and/or SOC 2 standards
• Thorough understanding of auditing procedures and norms for these frameworks
• Engaging stakeholders (internal customers, executive leadership, technology and business teams) to motivate and influence behaviors and decisions in support of compliance
• Deep experience in assessing control gaps and advising engineering and business process teams on closing those gaps
• Generating and collecting evidence necessary to demonstrate adherence to the ISO 27001 or SOC 2 standards
• Reviewing and organizing evidence to ensure that it can be used to demonstrate standards compliance
• Managing the audit process to ensure that auditors receive the necessary information and adhere to the correct audit scope
• 2+ years technical or compliance experience with services built and implemented in a public cloud service (e.g., AWS, Azure, Google Cloud)
• Demonstrated experience and track record of success working in a team-oriented, collaborative environment
• Demonstrated ability to lead and work independently
• Highly attentive to details
• Strong verbal and written communication skills

Nice to Have

• Experience with FISMA, GovRAMP, FedRAMP, SOX, HIPAA regulations/compliance frameworks
• Relevant certifications such as CISSP, CISA, CRISC, CIPP, CIPM, CIPT
• Technical experience in an engineering, software development, or technical support role
• Bachelors degree in computer science, information security, or other related discipline

Perks & Benefits

• Medical, dental, vision, and basic life insurance
• Flexible PTO and company paid holidays
• Retirement programs
• 1% charitable giving program

Compensation

• Base pay: $100,000 - $175,000
• The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.

#LI-Remote
Veevas headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at ... .