Security Compliance Analyst at Veeva Systems
Columbus, Ohio, USA
Full Time


Start Date

Immediate

Expiry Date

13 Oct, 25

Salary

70000.0

Posted On

13 Jul, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Google Cloud, Communication Skills, Collaborative Environment, Adherence, Internal Customers, Standards Compliance, Executive Leadership, Mastery, IT, Azure, Teams, Technology

Industry

Information Technology/IT

Description

Team: Quality & Security & Compliance
City: Columbus
State: OH
Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $2B in revenue in our last fiscal year with extensive growth potential ahead.
At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We’re not just any public company – we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.
As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.
Join us in transforming the life sciences industry, committed to making a positive impact on its customers, employees, and communities.

REQUIREMENTS

  • At least five years of experience leading organizations to obtain or retain ISO 27001 certification, or at least five years of experience leading organizations to achieve a “clean” SOC 2 Type 2 report. This includes:
      • Mastery of the requirements for all the controls in the ISO 27001 and/or SOC 2 standards.
      • Engaging stakeholders (internal customers, executive leadership, technology and business teams) to motivate and influence behaviors and decisions in support of compliance.
      • Deep experience in assessing control gaps and advising engineering and business process teams on closing those gaps.
      • Generating and collecting evidence necessary to demonstrate adherence to the ISO 27001 and SOC 2 standards.
      • Reviewing and organizing evidence to ensure that it can be used to demonstrate standards compliance.
      • Managing the audit process to ensure that auditors receive the necessary information and adhere to the correct audit scope.
  • At least two years of technical or compliance experience with services built and implemented in a public cloud service (e.g., AWS, Azure, Google Cloud)
  • Demonstrated experience and track record of success working in a team-oriented, collaborative environment
  • Demonstrated ability to lead and work independently
  • Highly attentive to details
  • Strong verbal and written communication skills
Responsibilities

THE ROLE

As a security and compliance analyst, you will help ensure ongoing compliance with relevant regulations and maintain current certification status against ISO 27001 and SOC 2, in addition to various other standards and certifying bodies. You will be responsible for identifying control gaps; advising internal teams on how to close those gaps; collecting, organizing, and reviewing control evidence; managing and coordinating interactions with external auditors; and planning the overall compliance effort for Veeva products in scope for ISO 27001, SOC 2 Type 2, and other compliance frameworks. You will contribute to efforts to improve the efficiency of compliance operations and reduce the compliance burden on other teams within Veeva. You will support third-party security assessments and periodic maintenance as needed, foster a compliance culture throughout Veeva, communicate effectively, and build positive relationships with other Veeva teams.

WHAT YOU’LL DO

  • Plan annual ISO, SOC 2, and other third-party audits from start to finish; perform gap assessments and advise on gap closure; collect, review and catalog evidence; present evidence to auditors to make the case for compliance; and manage the overall interactions with external auditors
  • Serve as an advisor to engineering, IT, and business process teams to assist them in supporting compliance efforts
  • Advise management on risk and control issues, and provide practical recommendations to ensure that risks are properly managed
  • Collaborate with senior leaders to determine audit scope
  • Monitor compliance with Veeva policies and procedures
  • Communicate status with senior leaders and other stakeholders
  • Analyze and evaluate other audit frameworks to determine applicability and compliance resource requirements
  • Identify policy and process improvement opportunities and automation opportunities, develop recommendations, and communicate collaboratively with stakeholders