Senior Security Compliance Engineer

What You Will Do as a Senior Security Compliance Engineer:

• Conduct Compliance Risk Assessments / Compliance Impact Assessments ( CIA) of cloud-based applications against all control domains (NIST or similar)
• Analyze project documentation like architecture diagrams and conduct interviews to perform risk and gap assessment
• Determine the impact of new projects/changes on the security & compliance posture of the organization.
• Conduct compliance assessments for complex systems including AI systems and identify and assess correlated risks
• Provide compliance and control requirements to new projects
• Provide compliant implementation standards/ best practices to achieve control requirements
• Integrate compliance and security into solution designs
• Assess risks of security gaps, and develop remediation plans. Perform follow-up activities related to driving remediation efforts.
• Support design and implementation of automated tools for compliance. Design self-service-oriented solutions for scaling compliance operations and deriving repeatable audit artifacts.
• Provide Audit Support as required. Engage with Engineering teams for readiness assessments, testing, and control review for annual and ongoing compliance audits (like ISO, SOC, PCI, HIPAA). Provide compliance consultation to design effective and complaint processes.
• Identify risks, process improvements, and design automated monitoring solutions for control areas like Change Management, Release Management,  SDLC, Configuration Management, Logging, Software Supply Chain, Encryption, Monitoring etc. Drive implementation of effective controls.
• Assess and provide compliance requirements on data protection techniques and secure data handling practices
• Perform Vendor Security Assessments as part of the third party risk management program.
• Assist with the development of compliance documentation, policies, and processes in support of requirements and ensure that controls are operating effectively.
• Develop a close partnership with engineering to educate and inform them about the priority and importance of compliance requirements.
• Ability to identify risk-appropriate control implementation solutions while considering engineering and business priorities with compliance needs.
• Work cross-functionally to drive security control implementation for the organization.

Who you are:

• 7+ years of related work experience in Information Security Governance, Risk, and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
• Minimum 3 years prior experience auditing cloud environments (AWS, Azure, and GCP), performing compliance assessments, conducting risk assessments, and/or driving audits like ISO, SOC, PCI DSS, HIPAA
• Knowledge of AI Security and Compliance Frameworks
• Knowledge of AI-specific Security Threats and Vulnerabilities
• Ability to multitask and manage simultaneous projects
• Ability to organize, conduct, and drive meetings and outcomes independently. Must be aware of and deliver quality stakeholder engagement experience in a fast-paced, innovative environment
• Strong analytical, communication (verbal and written), and project management skills
• Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
• Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP
• Familiarity with regulatory requirements and standards related to AI and Data security
• Ability to guide in implementing security compliance AI measures and machine learning systems