Security Automation Engineer

Security Compliance Strategist

As a Senior Security Compliance Strategist you are in a leadership position within the Engineering organization – to partner with Engineering, Product Management, Technical Operations, IT, & Customer Success teams to build and deliver key projects and programs. You will be the point person for clarifying strategic level goals, and outlining the execution plans to achieve them. Employing both a strategic focus, as well as a tactical approach is a must in this role. You will play a critical role in the delivery of a wide range of initiatives – from small, quick wins, to lengthy and complex compliance programs. The ideal candidate will have strong program / project management experience in a SaaS/mobile and agile environment.

Key Responsibilities

Manage compliance projects across multiple teams, including operations, IT and development

Develop internal policy and procedure documents to support security compliance initiatives

Perform external & internal security compliance audit activities

Advise internal business stakeholders on risk and compliance requirements and work in cross-functional partnership to help ensure those requirements are met

Clearly explain our security compliance program to third parties, including customers and vendors

Deep experience in information security, data compliance, and risk management

In depth understanding in all aspects of risk management, data compliance, information security strategy, technologies and tools

Direct experience with successfully implementing and managing an IT GRC tool (e.g., Archer, Modulo, MetricStream, etc.)

Experience with developing and producing security and compliance reporting that are meaningful and actionable for both technical/engineering and executive management audiences

Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities

Direct experience and knowledge of applicable local and federal information technology laws

Solid knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.

Structure and kick-off continuous and/or time-bound programs within the Engineering organization by clarifying priorities, enabling the execution of deliverables, defining process flows, and providing continuous transparency

Lead Engineering initiatives to obtain industry compliance certifications

Take a hands-on approach and partner with Engineering team leads and managers to implement and adopt processes and procedures in accordance with compliance standards

Lead the introduction of new processes / workflows, by creating and bringing proposed solutions to the teams. Work collaboratively to roll-out iteratively

Build and maintain alignment across multiple teams for keeping a focus on execution, continuous improvement, and operational excellence

Take a hands-on and proactive approach to unblock progress, introduce efficiencies, and provide workflow solutions

Anticipate and mitigate risks – by having close involvement with teams’ goals and challenges, applying past experience, and keeping in mind the big picture

Desired Skills, Experience & Qualifications

5-10 years of experience in an equivalent risk and technology compliance related role

Familiar with industry compliance standards as they relate to Software as a Service, such as SOC 1 (SSAE16), SOC 2, PCI, SOX, GLBA

Familiarity with Cloud Computing and Software as a Service

Keen attention to detail and accuracy is necessary in order to analyze and finalize documents

Organized, responsive, and able to gain support and consensus with multiple stakeholders

Strong communications skills, both written and oral

Experience working in an agile environment

Led cross-organizational teams to deliver strategic / business level goals, by partnering with Product & Engineering leadership

Big 4 experience or related professional services/consulting background strongly preferred

Certifications such as CISSP, CISA, CISM highly desirable

Bachelors or Masters in Computer Science or a related engineering field and equivalent experience