Technical Program Manager - Vulnerability Management

Veeva [NYSE: VEEV] is the leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, our customers range from the world’s largest pharmaceutical companies to emerging biotechs. Veeva’s software helps our customers bring medicines and therapies to patients faster.We are the first public company to become a Public Benefit Corporation. As a PBC, we are committed to making the industries we serve more productive, and we are committed to creating high-quality employment opportunities.Veeva is a Work Anywhere company which means that you can choose to work in the environment that works best for you - on any given day. Whether you choose to work remotely from home or work in an office - it’s up to you.The RoleThis role calls for an experienced Technical Program Manager to oversee the initiatives and deployment of projects related to vulnerability management. It will include scheduling work, project status reports and metrics, and sustained communications between security and product teams. This position requires a technical background to understand obstacles and develop innovative solutions. Success will be needed through coordination between security, IT, product teams, and engineering.

What You'll Do

• Develop meaningful and actionable performance and risk metrics of a variety of teams based on vulnerability attributes
• Lead and coordinate vulnerability management projects and initiatives to include deadlines, setting responsibilities, monitoring and summarizing progress, and providing updates
• Track milestones and sustain focus on prioritized project requirements
• Gather feedback from product teams to develop customized requirements and develop a plan to meet those prioritized requirements
• Streamline the vulnerability management reporting process for more accurate reporting, tracking, and developing innovative methods to resolve vulnerabilities
• Build and maintain relationships with security, product teams, and other departments involved
• Serve as an advisor and consultant role to product teams on prioritizing vulnerabilities and developing plans to resolve them in a timely manner while maintaining compliance
• Prepare reports for product teams, IT, security, and C-level leadership on risk and performance concerns as they relate to mitigating and eliminating vulnerabilities
• Develop and test unique team-specific requirements for managing the vulnerability lifecycle
• Maintain excellent awareness of the status of all on-prem and cloud devices’ reporting capabilities to the overarching tool suite
• Collaborate with various product teams to identify gaps and pitfalls in managing vulnerabilities, and plan, test, and evaluate new processes to address those gaps and pitfalls
• Maintain, author, and document policy for the continuity of the program
• Develop requirements with vendors in an effort to integrate and optimize the vulnerability management tool suite to match product team requirements

Requirements

• Strong experience in the SDLC process, methodologies, and technologies
• Strong communication skills with executive-level leadership
• Strong understanding of risk management frameworks
• Strong understanding of various methods to mitigate vulnerabilities
• Strong experience in coordinating with various teams’ solutions to manage and prioritize vulnerability remediation
• 4+ years of experience in Vulnerability Management reporting, tracking, metrics, and scanning and assessing results leading to prioritized actions
• 4+ years of experience in technical program management in any cybersecurity or IT-related field
• Strong foundation in project management concepts in meeting deadlines, tracking milestones, and coordinating with external entities
• PMP, CAPM, or equivalent project management certification
• Complex problem-solving skills with the ability to work with minimal supervision
• Legally eligible to work in the United States

Nice to Have

• Strong familiarity with Atlassian Jira and Confluence
• Demonstrated experience in delivering reports and metrics at various levels of an organization, from tactical to operational to strategic
• Good understanding of attack surface management principles
• Strong knowledge of governing regulations such as HIPAA, GDPR, ISO 27001, and SOC 2 compliance standards
• Good understanding of cloud security principles
• Scrum or Agile certification or training
• Good familiarity with cloud architectural devices such as dockers, containers, EC2, etc.

Perks & Benefits

• 100% remote, with an expectation to travel 2 weeks per year, all costs covered by the company
• Healthy, free, provided lunches and snacks at each US office
• Allocations for continuous learning and development
• Allocations for donations to non-profits of your choice
• Onsite gym with free fitness classes offered daily

#LI-RemoteUS#BI-RemoteVeeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world. Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at [email protected].