About The Position

MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More: https://www.mathworks.com/company/jobs/resources/applying-and-interviewing.html#onboarding.

Are you passionate about leading security governance and driving change management initiatives? Do you thrive on the challenge of designing, implementing, and enhancing security controls and procedures? If guiding organizations through transformative security improvements excites you, we want to hear from you!

We are looking for a proactive, dynamic, and collaborative team member to drive industry-alignment of our internal security controls, and champion compliance through proactive audits, rigorous quality checks, and actionable solutions that improve the security of our products and infrastructure. MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.

Requirements

  • A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.
  • Experience with software development processes.
  • Hands-on experience with definition and implementation of department / organizational security controls.
  • Experience with performing internal process audits and process improvement work.
  • Experience with / understanding of SOC 2, COBIT, ITIL, ISO, IT General Controls (ITGC), NIST 800-171, NIST 800-53, ISO 27001/2, NIST SSDF, and/or other industry standard control frameworks to document and assess Cybersecurity compliance.
  • Exceptional communication skills including clear and concise writing, an engaging presentation style, and group facilitation.
  • Strong teamwork skills with a demonstrated ability to collaborate across teams and roles.

Responsibilities

  • Policy and Control Development: Establish quality criteria and review processes for information security policy and control development, ensuring consistency, clarity, and auditability before formal approval. Review and validate internal security policies and IT General Controls (ITGCs) against quality criteria to ensure they are complete, accurate, traceable, and aligned with NIST, CMMC, COBIT, and ISO 27001 requirements.
  • Procedure Development: Partner cross-functionally to drive development and maintenance of internal standards and procedures that support an effective and efficient system of internal controls. Evaluate whether documented procedures accurately reflect approved security policies and meet required quality standards. Verify that procedures are complete, actionable, and aligned with compliance frameworks, and provide feedback or required revisions to process owners.
  • Control Implementation: Drive implementation of security controls and processes by engaging with process owners, control operators, and cross-functional stakeholders. Independently assess and verify the correct and consistent implementation of security controls across teams and systems. Conduct quality checks to confirm that implemented controls meet security requirements, are supported by appropriate evidence, and remain effective over time.
  • Compliance Monitoring: Perform ongoing audits, spot checks, and control tests to assess the effectiveness, reliability, and sustainability of information security controls. Identify deviations, gaps, or process defects and ensure that remediation actions are clearly documented, assigned, completed, and validated. Drive and verify the effectiveness of corrective and preventive actions, ensuring that process improvements are implemented, documented, and sustained.