Thursday, October 23, 2014

Director - IT Compliance - CA Technologies - Santa Clara


Job description
Oversees the design and implementation of IT controls/risk and overall Governance, Risk & Compliance (GRC) management strategy and framework. Ensures that a coordinated and consistent approach to controls/risk and GRC management activity is undertaken across the SaaS business. Responsible for providing ongoing controls/risk management support and guidance to the business, designing and producing reporting.
Has overall accountability for GRC - SaaS and is accountable to the organization. The position requires an industry leader with deep acumen in Technology and Security while maintaining an executive presence. Must be both the internal and external face of GRC for the company. This person must be able to lead as a self-starter and as an owner of the overall program. Must have a deep understanding of technology and information security with a background in both application security and cloud computing. This role will consult directly with Technology / Operations, the business, and external partners and customers. The ideal candidate should have an understanding of the risks associated with a cloud computing environment and the compliance requirements associated with it.

Role & Responsibilities:
Focused on defining and building out compliance programs and quality programs
Build and maintain our compliance program for third party attestations for SSAE 16, FEDRAMP, CSA and ISO27001 compliance.
Establish best practices and associated processes.
Responsible for conducting regular meetings and management overview of risks and controls
Architect, build and maintain solutions to manage the risks of CA’s SaaS business
Work with product/ops/service teams and make recommendations on SaaS Risk & Compliance
Review and approve processes, procedures, standards and changes
Maintain existing risk, controls and frameworks

Desired Skills and Experience
Requirements:
3+ years as an ISSO/CSO in a SaaS organization/product
Ability to deliver results quickly and efficiently with iterative approaches
Experience building programs and frameworks that meet regulatory compliance (FEDRAMP, ISO27001, SSAE16 SOC 1&2, PCI, FDA CFR Part 11)
Have a CISSP certification that is current and verifiable (desired)
Hands-on leader who will get their hands dirty when necessary to ensure the security of the SaaS organization.
Effective leader who can build credibility and influence