Information Systems Engineer - Compliance

About The Position

Requirements

• Bachelor’s degree in Information Security, Business, Audit, Risk Management, or related field.
• 8+ years of experience in compliance, audit, risk management, or product governance.
• Strong understanding of security, privacy, and compliance frameworks (SOC, ISO, NIST, etc.).
• Proven experience project managing security compliance audit or certification projects.
• Ability to quickly grasp complex technical concepts and make them easily understandable.
• Experience supporting or conducting audits (internal, external, or customer audits).
• Excellent analytical, documentation, and communication skills.
• Ability to work cross-functionally and manage multiple projects simultaneously.

Nice To Haves

• Professional certifications (e.g., CISA, CISSP, CRISC, CIPP, ISO Lead Auditor).
• Experience in SaaS or cloud-based product environments.
• Technical familiarity with cloud platforms, DevOps, and security controls.
• Experience with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust).

Responsibilities

• Compliance Program Management Support the development, implementation, and maintenance of compliance programs and frameworks for products and services, including contributing to policies, standards, and control requirements.
• Monitor changes in regulatory, security, and privacy requirements (e.g., SOC 1/SOC 2, ISO 27001/27017/27018, HIPAA, PCI) and assess their impact on product offerings.
• Coordinate readiness activities to support compliance with external audits and customer assessments.
• Audit Planning & Execution Lead or support internal and external audits related to product and service operations.
• Conduct control testing, evidence collection, walkthroughs, and remediation validation.
• Prepare audit deliverables, respond to auditor inquiries, and ensure timely closure of audit findings.
• Cross-Functional Collaboration Independently manage and prioritize multiple security compliance projects, providing regular updates and data presentations to stakeholders.
• Organizes, leads and facilitates cross-functional project teams.
• Technical or business consulting resource to business level managers and control owners.
• Develops metrics that provide data for process measurement, identifying indicators for future improvement opportunities.
• Partner with Product, Engineering, Security, Legal, Risk, and Operations teams to ensure compliance is embedded throughout the product lifecycle.
• Support product launches by evaluating compliance requirements and identifying control gaps.
• Provide guidance to teams on developing compliant processes and documentation.
• Risk & Issue Management Identify compliance risks across products and services and drive remediation plans.
• Maintain risk registers, track mitigation progress, and report status to leadership.
• Support root-cause analysis for compliance failures and propose long-term corrective actions.
• Customer & Stakeholder Support Assist with customer due-diligence questionnaires, RFPs, and contract compliance inquiries.
• Create and maintain compliance documentation such as control matrices, audit reports, FAQs, and standard responses.
• Present compliance posture and audit outcomes to internal leadership and external customers.

Benefits

• Medical, dental and vision plans
• 401(K) participation including company matching
• Employee Stock Purchase Program (ESPP)
• Employee Assistance Program (EAP)
• company paid holidays
• paid sick leave and vacation time