Principal Product Compliance Engineer

ID.me, McLean, VA
Salary range: $203,183 - $255,000

About The Position

As we expand our reach into sectors requiring stringent regulatory adherence, we seek a seasoned Principal Product Compliance Engineer to enhance our team. This role is crucial in ensuring that our products not only meet but exceed the regulatory standards required by our clients and governing bodies. As a Principal Product Compliance Engineer, you will be a key technologist with engineering expertise and will be instrumental in embedding compliance and security into the fabric of our product development lifecycle. With a deep understanding of FedRAMP, NIST, and OWASP controls, you will support the integration of these standards into our engineering processes, ensuring that our SaaS products are secure, compliant, and trustworthy. Your expertise will not only involve technical implementations but also extend to creating comprehensive documentation and automated processes to support compliance activities.

Requirements

  • Bachelor's in Computer Science, Bachelor's in Information Security, or equivalent.
  • 10+ years of experience in information security or equivalent and 5+ years of experience with delivering automation projects.
  • 3-5 years of experience in creating data pipelines to automate internal compliance control measurement using system data and reports, and creating compliance dashboards to monitor implementation status.
  • 3-5 years of experience in developing custom scripts to apply logic to test whether custom conditions are met as a means to measure control design and implementation status.

Nice To Haves

  • Working knowledge of compliance regulations, such as NIST, GDPR, and other federal and commercial regulations and compliance programs.
  • Experience running program and project management initiatives (e.g. organization-wide initiatives, large-scale integration management).
  • Expertise in software development or security engineering with strong skills in at least one programming language.
  • Experience communicating complex concepts and developing communications for a wide variety of both technical and non-technical audiences.
  • Experience influencing the design of new and updated products and features to represent security interests and outcomes.
  • Demonstrated success collaborating with cross-functional teams to drive results.
  • Demonstrated experience orienting towards solutions in the context of competing perspectives.
  • Capability to analyze software development processes, identify compliance risks, and propose practical solutions to mitigate these risks while ensuring business objectives are met.
  • Experience conducting root cause analysis, developing corrective action plans based on findings, and influencing stakeholders to adopt solutions.
  • Experience creating compliance documentation, such as procedures, process flow diagrams, threat models, and risk assessments.
  • Demonstrated skills creating team-specific software development guidance to enable secure, rapid delivery of products and services.
  • Strong commitment to continuous learning to stay up to date on industry trends, technologies, and best practices.
  • CISSP or equivalent.
  • Strong technical background, including experience in a variety of software development environments and methodologies.
  • Experience architecting GRC, ticketing, or CRM tools.
  • Experience building systems and mechanisms that create a data pipeline of information used to monitor control status and produce control measurements used to verify implementation status.
  • Experience building mechanisms to detect change conditions to enable change control process.
  • Working knowledge of AI tools.

Responsibilities

  • Build control and evidence automation to lessen the compliance burden.
  • Aid in design and implementation of FedRAMP, NIST, and OWASP controls into the product development lifecycle.
  • Ensure that all product features meet the rigorous compliance standards necessary for highly regulated industries.
  • Create security and privacy control focused engineering specifications, user documentation, and other technical artifacts that convey compliant technical implementations.
  • Ensure clarity and accessibility of documentation for both technical and non-technical stakeholders.
  • Create and maintain compliance evidence for internal and external auditors.
  • Develop processes to automate the generation of compliance evidence to streamline audit activities.
  • Stay abreast of developments in regulatory standards and compliance best practices.
  • Recommend and implement improvements to reduce the cost of compliance on teams.
  • Continuously assess risk as part of the product change management process.
  • Prioritize and address potential compliance gaps in collaboration with risk management and security teams.

Benefits

  • Comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts).
  • Basic and voluntary life and AD&D insurance.
  • 401(k) with company match.
  • Parental leave.
  • Ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays.
  • Short and long-term disability insurance.
  • Accident and critical illness insurance.
  • Referral bonus policy.
  • Employee assistance program.
  • Pet insurance.
  • Travel assistance program.
  • Wellbeing and childcare discounts.
  • Benefit advocates.
  • Learning and development benefit.
© 2024 Teal Labs, Inc