Senior Information Security Compliance Engineer

Careers at Crestron•Rockleigh, NJ

5d•$93,500 - $151,000•Onsite

About The Position

At Crestron Electronics, Inc we build the technology that integrates technology. We are proud to be the largest and most recognized brand in automation and control solutions, and the premier technology partner for fortune 500 businesses globally. Our products’ are integrated into new high-tech commercial buildings’ to include some of the most exciting real estate throughout the world. Our clients include Google, Microsoft, Amazon, LinkedIn and many others. We are the leaders in the most exciting industry in the world! Our automation and control solutions for homes and buildings allow our clients to control entire environments with the push of a button, integrating systems such as Audio Visual, Lighting, Shading, Security, Building Management Systems and HVAC to provide greater comfort, convenience and security. Overview Senior Information Security Compliance Engineer is responsible for implementing and managing the organization’s security compliance initiatives to ensure consistency to regulatory requirements, internal policies, and industry standards. This role will work closely with multi-functional teams, including security operations, risk management, IT, legal, and audit, to ensure that security controls are effectively implemented, supervised, and continuously improved.

Requirements

Bachelor's Degree in Information Security and Assurance, Computer Science, Cybersecurity or related field required
Minimum 5+ years of extensive all-round experience in the field of Cybersecurity with expertise in security compliance and audit
Knowledge of common information security management frameworks, such as ISO/IEC 27001 or related and NIST Cybersecurity Framework (NIST CSF).
Familiarity with identity and access management (IAM), endpoint protection, SIEM, and vulnerability management systems.
Proven experience in information security, particularly within auditing, compliance and risk management.
Strong communication and interpersonal skills, including executive communication to senior leadership with focus towards building bridges with key collaborators.
Strong critical thinking and problem-solving skills to resolve problems effectively and creatively while maintaining a high level of flexibility, professionalism, and integrity.
Security compliance frameworks and audits - Cloud and infrastructure security controls
Auditing/Assurance experience
Risk assessment and remediation planning
Analytical thinker with strong problem-solving skills.
Detail-oriented with a strong focus on accuracy and the ability to manage multiple priorities.
Strong understanding of policy and procedure development and implementation

Nice To Haves

Master's Degree Information Security and Assurance, Computer Science, Cybersecurity or related field preferred
Experience with cloud security, encryption technologies, and network security protocols preferred.
Preferred Certifications: CISSP, CISM, CISA, CRISC, Cloud (AWS or Azure)

Responsibilities

Conduct regular security assessments and audits in collaboration with security architect
Supervise compliance across various IoT products and cloud platforms.
Coordinate internal and external audits and remediation tracking
Lead and support frameworks including NIST 800-53, ISO 27001, FedRAMP, GDPR, EU CRA
Implement and validate security policies, standards, and procedures in alignment with compliance obligations.
Support risk assessments by identifying gaps in security controls and proposing remediation plans.
Maintain and improve the cybersecurity policy framework.
Evaluate and recommend tools for control automation and monitoring
Collaborate with various platform teams to ensure technical security controls meet compliance requirements.
Participate in vendor and third-party risk assessments.
Continuously supervise security compliance metrics and key performance indicators (KPIs) for specific product families.
Experience in writing policy and process design for compliance programs.
Provide guidance on continuous improvement of the compliance monitoring program.