The Enterprise Governance, Risk, and Compliance Group is responsible for Veritone’s compliance with the provisions of multiple regulatory frameworks providing certification that our internal control environment is operating effectively. The group reports administratively to the Chief Information Security Officer and works closely with key stakeholders across business units, corporate functions, technology, and the second and third lines of defense.
The Compliance Lead is responsible for the management and execution of IT-related components of the SOX, FedRAMP, SOC 2, and other programs, including key IT-related risk assessments, IT general controls, IT application and interface controls, and assessing the impact to business processes of the overall IT environment.
WHAT YOU’LL DO
- Lead the transformation of the Enterprise Governance, Risk, and Compliance group and play a critical role in the refinement of the IT-related components of the SOX, FedRAMP, SOC 2 and other compliance Programs.
- Act as a change manager for continual improvement of the internal control environment.
- Assist in the strategic direction of the group, including IT program methodology, policies, templates, and procedures and provide recommendations for changes.
- Facilitate the planning, risk assessment and scoping activities for IT processes, including assessment of recent systems implementations that may impact the design and/or operating effectiveness of internal controls.
- Lead walkthrough processes and collaborate with IT partners to identify areas where control enhancements and/or documentation improvements are needed (both process narratives and data flow diagrams).
- Oversee coordination between internal team members, internal and external auditors, and system/control owners to ensure cohesive and collaborative execution.
- Review testing approach and align expectations with external auditors to ensure documentation and testing complies with industry standards (including NIST and PCAOB) and allows for reliance by the external auditors.
- Review SOX testing for key general IT controls (ITGCs), IT application controls (ITACs), critical interfaces, and key reports/spreadsheets.
- Facilitate training with control owners and lead technical and process workshops.
- Maintain a high level of visibility across the organization with various levels of Management and serve as a key point of contact within the Security and Compliance Team.
WHAT YOU’LL NEED
- Bachelor’s Degree OR 4 years of relevant experience
- 7 years of experience in public accounting or large company IT audit, IT risk consulting and/or leading SOX program support/execution, Big 4 preferred
- Professional certification including CISA, CIA and/or CPA required
- Demonstrate and apply a thorough understanding of IT-related risks and controls for complex information systems, i.e. microservice and/or cloud computing environments.
- Deep understanding of risk management methodologies, frameworks, and principles (e.g., SOX, COBIT, NIST) to evaluate and recommend optimal approaches to mitigating risk
- Strong knowledge of technology environments, including information security, infrastructure, data and software development (Cloud technologies, Windows, UNIX, Databases, Workday, etc.)
- Experience managing a team consisting of internal and outsourced resources, including reinforcing performance in others, and facilitating their skill development
- Proficiency with Microsoft Office and Google Workspace
BONUS POINTS IF
- Bachelor of Science Degree in Finance/Accounting, Engineering Technology, Computer Science, or equivalent
- Relevant professional certifications in Information Security or Governance Risk Compliance Management are a plus, such as CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK
- Current or former Federal government employee with information assurance responsibilities.
- Understanding of Cloud, SaaS, and IoT architectures, and their implications on information security strategy.
- Proficiency with Atlassian products, G-Suite applications, and GRC tools, such as ZenGRC / ServiceNow / MetricStream
- Strong understanding of AI solutions and AI enablement across multiple verticals
Investigation / Clearance
- Must be a U.S. Citizen with the potential ability to obtain a Public Trust investigation (Tier 2) and / or Secret Clearance.
WHAT WE OFFER
- An incredible opportunity to impact AI for good and empower the human with AI solutions and services
- A competitive compensation package
- Participation in the Company’s Equity Program
- Remote first + Hybrid workplace
- VERI Communities (Affinity Groups) & Belonging
- Empowerment to build your career journey at Veritone
- Flexible (Paid) Time Off
- Benefits Program: medical, dental, vision, 401K matching, and more!
- Mental health awareness and support