Risk Manager, Trust and Security

Описание вакансии

Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, who trust Veeam to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world’s biggest brands.

About the Role

We’re looking for a Risk Manager to build, own, and mature the security risk management program for our cloud‑native Veeam Data Cloud (VDC) platform. Our SaaS products run on Microsoft Azure and related cloud services, delivering high‑trust, secure data protection to customers across regulated and enterprise environments.

In this role, you will be responsible for turning raw security findings into a clear, prioritized, and business‑relevant risk story. You will design and run the core processes for identifying, assessing, and tracking security risks, own the VDC Security risk register, and help leadership understand where to invest for the biggest risk reduction. You’ll partner directly with engineering, SRE, Global Information Security (GIS), and other security teams to ensure our SaaS environment remains secure, resilient, and aligned with Veeam’s risk appetite.

What You’ll Do

• Build and operate a formal security risk management process for Veeam Data Cloud, including risk identification, assessment, prioritization, and tracking
• Own and maintain the VDC Security risk register, ensuring risks are clearly defined, consistently scored, and mapped to underlying evidence (e.g., Jira issues, penetration test reports, vulnerability scans, cloud configuration findings)
• Define and apply a consistent methodology for likelihood and impact, translating technical issues into business‑relevant risk ratings and treatment recommendations
• Aggregate and normalize findings from multiple sources (cloud security tools, penetration tests, audits, engineering reviews) into coherent risks and mitigation initiatives
• Partner with engineering, SRE, and security teams to convert high‑priority risks into actionable work items and projects, and track remediation progress over time
• Collaborate with GIS to align VDC’s risk taxonomy, thresholds, and reporting with enterprise security and compliance requirements
• Prepare and support quarterly executive risk reporting for the VP of VDC Engineering, the CTO, and the President of VDC, highlighting top risks, trends, and progress on mitigation
• Provide risk insights and data to support roadmap planning, investment decisions, and risk acceptance discussions
• Continuously evaluate and improve the effectiveness of risk processes, metrics, and tooling to ensure that VDC’s security investments deliver measurable risk reduction

Technologies You’ll Work With

• Cloud platforms and services: Microsoft Azure (e.g., Entra ID, App Service, AKS, Storage, Networking, Key Vault, Defender, Monitor)
• Identity and access management: cloud identity models, roles and permissions, privileged access, and secure configuration baselines
• Security & risk tooling: vulnerability management, cloud security posture management (CSPM/CNAPP), SIEM, logging and monitoring platforms, and workflow tools (e.g., Jira)
• Reporting & analytics: dashboards and reports that surface security posture, risk trends, and remediation progress to technical and executive stakeholders

What You’ll Bring

• 5+ years of experience in security risk management, security governance, or a closely related role within cloud or SaaS environments.
• Hands-on experience building or operating risk registers and assessment processes (including scoring, prioritization, and risk treatment tracking), and working with security findings from tools such as vulnerability scanners, cloud security posture tools, and penetration tests.
• Strong understanding of cloud security concepts and risks, ideally including Microsoft Azure and modern identity platforms (e.g., Microsoft Entra); ability to translate technical security findings into clear business impact for senior stakeholders.
• Proven analytical and problem-solving skills, proficiency with workflow tools like Jira, and success collaborating with engineering, SRE, security, and distributed teams in multi-tenant environments

Bonus Skills

• Experience partnering with a central or corporate security team (e.g., GIS) in a multi‑business‑unit organization
• Experience preparing executive‑level or C‑suite risk reporting and presentations
• Familiarity with common risk frameworks (e.g., ISO 27005, NIST SP 800‑30, FAIR)
• Exposure to event‑driven cloud architectures and modern SaaS platforms
• Relevant security, cloud, or risk certifications

#LI-SO2

What you'll get

• Unlimited paid time off, 12 paid holidays, plus 4 extra global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares
• Paid parental leave: 8 weeks for all parents, 16 weeks for birthing parents
• Medical, dental, and vision coverage starting on your first day
• Mental health support, therapy sessions, and digital wellness tools via our Employee Assistance Program
• 401(k) retirement plan with company matching contributions
• Fertility, adoption, and surrogacy support through Maven, plus paid volunteer time
• AirVet: 24/7 virtual veterinary care at no cost
• Legal services, identity protection, and supplemental health insurance options
• Tax-advantaged spending accounts for healthcare, dependent care, and commuting
• Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops, and learning events like our annual Global Day of Learning

Compensation Transparency

Veeam is committed to pay transparency and equitable compensation. For this role, the compensation range below reflects the expected total target compensation (TTC), inclusive of base pay and a competitive performance-based bonus. For roles with a commission plan, the compensation range represents On Target Earnings (OTE), which includes base salary plus variable commission. When determining compensation, Veeam takes into consideration factors such as experience, education, skills, and geographic zone. Offers are typically made below the midpoint of the range.

In addition to compensation, Veeam provides a comprehensive benefits package, including health coverage, retirement plans, and unlimited time off.

U.S. Geographic Zones & Compensation Ranges (TTC / OTE)

Zone 1: San Francisco Bay Area, New York City Boroughs

$177,000—$328,700 USD

Zone 2: Washington, California (excluding San Francisco Bay Area)

$162,200—$301,300 USD

Zone 3: Texas, Illinois, North Carolina, Colorado, Massachusetts, Pennsylvania, Virginia, Oregon, Nevada, Hawaii, New York (excluding NYC boroughs); Sales roles located in Georgia, Ohio, and Arizona

$147,500—$274,000 USD

Zone 4: All other US locations

$128,400—$238,300 USD

Veeam Software is an equal opportunity employer and does not tolerate discrimination in any form on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state or local law. All your information will be kept confidential.

Please note that any personal data collected from you during the recruitment process will be processed in accordance with our Recruiting Privacy Notice.  

The Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes. 

By applying for this position, you consent to the processing of your personal data in accordance with our Recruiting Privacy Notice.

By submitting your application, you acknowledge that the information provided in your job application and any supporting documents is complete and accurate to the best of your knowledge. Any misrepresentation, omission, or falsification of information may result in disqualification from consideration for employment or, if discovered after employment begins, termination of employment.