Compliance Engineer

TRM Labs
23h
$160,000 - $180,000

About The Position

TRM is a blockchain intelligence company that’s on a mission to build a safer world for billions of people. We’re a lean, high-impact team tackling some of the world’s most critical challenges, ranging from human trafficking and financial fraud to terrorist financing. We are builders who power governments, financial institutions, and crypto companies when the clock is running and the consequences are real. This is why every TRMer is a bet on our future and has the power to change our trajectory.

The Security Team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for a Senior Compliance Engineer to own TRM’s compliance and GRC initiatives that ensure we continue to deliver best-in-class security and trust for our customers.

Requirements

  • Develop automation to programmatically implement control validation and evidence collection. Experience with Python or other programming and scripting languages is required.
  • Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the data use meets established regulatory compliance needs.
  • Strong understanding of Public Sector compliance security standards including NIST 800-53, SOC 2, CMMC, ISO, CyberEssentials UK, and other common compliance frameworks.
  • Experience with leading a cloud-first SaaS company through the FedRAMP Moderate certification process.
  • Strong focus on normalizing controls across frameworks and standards, with an eye toward improving maturity, scalability, and consistency over time, while looking beyond just “checking the box”.

Nice To Haves

  • Privacy and GDPR experience is a plus.
  • Security certifications (e.g., CISSP, CISM) are a plus.

Responsibilities

  • Develop scalable and sustainable processes and tools for normalized controls, collecting audit evidence, monitoring controls, and conducting gap analyses.
  • Manage TRM’s existing security compliance and certification lifecycle (e.g., SOC 2 Type II) while planning for and prioritizing future compliance needs.
  • Develop a compliance program to achieve FedRAMP certification.
  • Manage customer due diligence requests including developing and maintaining security collateral for customers (e.g., SIG, CAIQ).
  • Conduct enterprise risk assessments and manage the risk registry.
  • Develop a vendor risk management program.
  • Identify areas for improvement based on input from customers, the go-to-market teams, and overall business objectives. Anticipate customer needs with respect to compliance and due diligence.


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

101-250 employees
