At Vercel, we are building an open-source developer tools platform that enables developers to build and iterate on the web without sinking time and money into DevOps. We are a remote-first and globally distributed team and we want to shape the future of the web by making cloud computing accessible to everyone. Our philosophy is based on the principles of learning, collaboration, transparency, experimentation, and passion.
We are goal-driven and dedicated
We use our own tools every day
We thrive together with our community
We are customer-obsessed
We believe in people's ability to grow
About the Role:
Vercel’s promise is to enable dynamic at the speed of static, and to deliver a world class developer experience. We’re here to make the web. Faster.
The Trust Manager / Analyst will play a critical role in building right-sized, functional and scalable security processes and very importantly culture.
We're looking for a Trust Manager / Analyst to help shape and deliver on our vision, in support of aiding in maturation of security processes to empower customer to make an informed decision with the right security collateral e.g. Trust. This trust will go beyond customer confidence, but it will be a representation of the strength of security culture that we will develop together.
As a Trust Manager, you will report to the Chief Information Security Officer and work closely with Vercel's IT, engineering, sales engineering, PeopleOps and the finance organizations. This is an opportunity to rapidly develop a security program to scale. If you are a passionate, communicative leader who loves educating and empowering teams to understand the need for enabling good security, which results in easy compliance - we should talk.
What You'll Do:
Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities.
Develop a Third Party Risk Management assessment lifecycle, enhance policy, review / update existing risk management policy, standards and procedures.
Execution of Risk Assessments of all new projects, technology implementations, new & existing vendors
Determine information security risk profiles for various systems, assets, data, vendors
Enable GRC automation workflows to enable automated artifact gathering and overall risk management and control effectiveness
What You Have:
5+ years Technology Risk Management & Third Party Risk Management experience or a combination of IT-GRC and information security experience or 1-2 years of experience with a Bachelor’s degree with proficiency in Management Information Systems, Technology Management or Cybersecurity
Expertise in technical program management, particularly in areas of security, and/or technology risk management
Demonstrated ability to analyze information and assimilate into consumable management reporting
Bonus If You:
Existing security related certifications: CISM, CRISC, CISSP is a plus
You have directly driven a compliance roadmap and the achievement of SOC 2, ISO 27001, PCI DSS, HIPAA.
Effective communication and relationship-building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and problem solve.
Competitive compensation and stock options
Inclusive Healthcare Package
Flexible working style - 100% remote, with teammates located throughout the globe
Learn and Grow - we provide mentorship and send you to events that help you build your network and skills
Unlimited PTO - 4 weeks recommended per year. Take time when you need it.
We will provide you with the gear you need to do your role, and a WFH budget for you to outfit your space as needed.
Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.