Senior Information Security Compliance Engineer

Overview

Senior Information Security Compliance Engineer is responsible for implementing and managing the organization’s security compliance initiatives to ensure consistency to regulatory requirements, internal policies, and industry standards. This role will work closely with multi-functional teams, including security operations, risk management, IT, legal, and audit, to ensure that security controls are effectively implemented, supervised, and continuously improved.

Responsibilities

• Conduct regular security assessments and audits in collaboration with security architect
• Supervise compliance across various IoT products and cloud platforms.
• Coordinate internal and external audits and remediation tracking
• Lead and support frameworks including NIST 800-53, ISO 27001, FedRAMP, GDPR, EU CRA
• Implement and validate security policies, standards, and procedures in alignment with compliance obligations.
• Support risk assessments by identifying gaps in security controls and proposing remediation plans.
• Maintain and improve the cybersecurity policy framework.
• Evaluate and recommend tools for control automation and monitoring
• Collaborate with various platform teams to ensure technical security controls meet compliance requirements.
• Participate in vendor and third-party risk assessments.
• Continuously supervise security compliance metrics and key performance indicators (KPIs) for specific product families.
• Experience in writing policy and process design for compliance programs.
• Provide guidance on continuous improvement of the compliance monitoring program.

Qualifications

• Bachelor's Degree in Information Security and Assurance, Computer Science, Cybersecurity or related field required
• Master's Degree Information Security and Assurance, Computer Science, Cybersecurity or related field preferred
• Minimum 5+ years of extensive all-round experience in the field of Cybersecurity with expertise in security compliance and audit
• Knowledge of common information security management frameworks, such as ISO/IEC 27001 or related and NIST Cybersecurity Framework (NIST CSF).
• Familiarity with identity and access management (IAM), endpoint protection, SIEM, and vulnerability management systems.
• Proven experience in information security, particularly within auditing, compliance and risk management.
• Strong communication and interpersonal skills, including executive communication to senior leadership with focus towards building bridges with key collaborators.
• Strong critical thinking and problem-solving skills to resolve problems effectively and creatively while maintaining a high level of flexibility, professionalism, and integrity.
• Experience with cloud security, encryption technologies, and network security protocols preferred.
• Security compliance frameworks and audits - Cloud and infrastructure security controls
• Auditing/Assurance experience
• Risk assessment and remediation planning
• Analytical thinker with strong problem-solving skills.
• Detail-oriented with a strong focus on accuracy and the ability to manage multiple priorities.
• Strong understanding of policy and procedure development and implementation
• Preferred Certifications: CISSP, CISM, CISA, CRISC, Cloud (AWS or Azure)

Per applicable state requirements, the annual pay range for this position ($93,500 - $151,000) which consists of base salary (subject to performance), reflects the hiring range for candidates. Also note, an individual’s offer may vary from this range as it may be impacted by additional factors, including but not limited to the candidate's hiring location, qualifications, experience, and market factors.