Key Responsibilities:
- Establish and operate an enterprise Veeva platform risk management framework covering cyber security, resiliency, supplier, and operational risks (IT Business Continuity, Disaster Recovery, Platform Compliance, Audit Readiness).
- Create and maintain a single enterprise risk baseline across all Veeva vaults and divisions.
- Lead cyber resiliency assurance, including deep multi-layer reviews of Veeva controls (SaaS, PaaS, IaaS where applicable).
- Coordinate platform risk assessments with ITRMS, MCAAS, QA, GSG, GPO, Architecture, and divisional teams.
- Identify, assess, and prioritize risks; define remediation or risk-acceptance paths.
- Track and report remediation progress and residual risk via enterprise governance.
- Establish continuous risk governance (monitoring and cadence-based reporting).
- Partner with Platform Governance, Architecture, and FinOps for risk-informed prioritization and investment decisions.
- Coordinate Joint Cyber Incident Response (JCIR).
- Support audit/inspection readiness with traceability, transparency, and objective evidence.
Minimum Requirements:
- Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent.
- 8+ years in enterprise risk management, cyber security assurance, technology risk, or IT governance.
- Preferred: Master's degree.
- Experience in regulated environments.
- Experience leading enterprise-level, not just project-level, risk assessments.
- Matrix experience across security, audit, quality, and risk.
- Ability to communicate complex risk to senior leadership.