Senior Security Assurance Engineer - Regulatory Compliance

MathWorks•Natick, MA

3d•Hybrid

About The Position

Join MathWorks as a key player in safeguarding our organization's regulatory compliance and risk posture! In this dynamic role, you'll translate evolving regulatory requirements into actionable technical solutions for both cloud and on-premises environments, champion external certification efforts, and lead organizational training initiatives. You'll independently assess cybersecurity risks, shape our risk management strategy, and ensure that our compliance program aligns with industry best practices. Your expertise will drive the accuracy and clarity of risk and compliance reporting, help identify systemic gaps, and deliver actionable insights to leadership—making a direct impact on MathWorks' security and regulatory excellence. MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.

Requirements

A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.
Experience with software development processes.
Practical experience with policy and regulatory mandates such as SOC 1/SOC 2, CSA-CCM, ISO27001/27002/22301/27017/42001, GDPR, CCPA, PCI-DSS, the NIST Risk Management Framework, and associated standards such as NIST SP(s) 800-34/800-53 Revision 5/800-171, FedRAMP, CMMC 2.0;
Exceptional communication skills including clear and concise writing, an engaging presentation style, and group facilitation.
Strong teamwork skills with a demonstrated ability to collaborate across teams and roles.

Responsibilities

Regulatory Compliance: Stay on top of industry knowledge and changing regulatory landscape to identify impact to MathWorks
Provide subject matter expertise in translating security, regulatory, and compliance requirements into technical requirements and implementing effective solutions for cloud and on-premises environments
Verify that regulatory changes are correctly interpreted, incorporated into standards, and consistently implemented across relevant processes and teams.
Drive external certification/attestation efforts to support regulatory compliance.
Identify organizational training needs for topics involving regulatory compliance and risk management.
Risk Management: Independently review and validate cybersecurity risk assessments and vulnerability analyses to confirm that methodologies, inputs, and conclusions meet defined security standards.
Evaluate the changing operating landscape and determine its impacts on organizational risks, obligations and external expectations; recommend changes to risk approach to ensure consistency with current security best practices
Assess the quality and completeness of risk identification for cloud-hosted services and on-premises environments, and verify that mitigation recommendations are appropriate, actionable, and tracked to closure.
Develop and implement a risk-based IT/Information Security/Privacy compliance program to ensure adherence to key regulatory requirements/expectations and industry best practices
Reporting: Define and maintain quality criteria for risk and compliance reporting, including data integrity checks and documentation of assumptions.
Review and validate risk analysis reports, dashboards, and metrics to ensure accuracy, clarity, and consistency prior to distribution to management and stakeholders.
Track and analyze recurring issues, audit findings, and defects related to regulatory compliance and risk management to identify systemic gaps, and periodically report insights to management.