Sr. Compliance Program Manager
San Francisco, California, VMware
Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Job ID R1914346-2
Date posted Dec. 03, 2019
This resource will ensure that VMware’s systems, information and physical assets are adequately protected and compliant while providing visibility to Management of the control status and top program risks on an ongoing basis.
This resource should ensure the existence of appropriate security governance within the VMware Compliance Program scope, including environments (policy, procedures, baselines and monitoring), assessment of required controls, and testing of adherence to required policies, procedures and monitoring. This position will collaborate with other members of the Security and IT teams to define appropriate and effective information security controls and will work with the various business units to implement them. The position will also be responsible for performing risk assessments and gap analysis exercises while working collaboratively with Functional Business Unit and IT teams to implement required remediation effectively.
The position must possess initiative and drive and have broad relevant technical knowledge for a cloud-based environment. Good management expertise and excellent written and verbal communication skills are also key attributes for the position.
Essential functions for this role include:
- Perform a gap analysis and implement required controls to meet VMware Compliance Program requirements in a cloud environment.
- Maintain ongoing oversight of concurrent, company-wide programs and initiatives that impact the Compliance programs. Escalate and resolve risks and issues as required.
- Develop and track towards a Corporate Compliance program roadmap.
- Develop metrics and reporting to demonstrate the compliance status of the compliance program.
- Communicate the compliance risk posture and compliance effectiveness to Management on a scheduled basis.
- Test for adherence to compliance controls, policies, procedures and standards.
- Prepare for engagement reviews and quality assurance activities.
- Work effectively with the remote offshore team on assessments and compliance monitoring activities.
- Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure appropriate remediation measures have been achieved in a timely manner.
- Perform impact analysis as needed where controls fail or are considered ineffective.
- Track mitigation steps and ensure that risks are managed appropriately and in a timely manner.
- Assist with other GRC activities as required.
- Provide ongoing guidance and consultation to the organization to promote progressive and sustainable compliance initiatives.
- Assist with integrating compliance requirements into the organization’s processes (e.g., change control, mergers and acquisitions) and life cycle activities.
- Manages a complex group of projects and may need to act as a change agent.
- Manages timelines, resources, project plans, action item logs, status reports and statistics to ensure milestones, goals and commitments are met.
- Work closely with both Internal and External audit teams.
- Lead control integration efforts with new or existing systems and supporting architecture.
- Maintain knowledge and awareness of VMware and industry changes/developments in order to continually identify and evaluate key business areas, their respective business processes and controls.
- Understands business processes, process controls and their impact on financial reporting. Understands testing techniques and is able to communicate test results/findings to various stakeholders or functional managers.