Sr Security and Compliance Engineer

Broadcom Corporation, Reston, VA

About The Position

Broadcom seeks an experienced program manager with software engineering skills to lead security compliance and audit activities for its Enterprise Security Group (ESG) cybersecurity products. This strategic role involves driving certifications (FIPS 140-3, Common Criteria, STIG development, country-specific schemes), formal risk assessments for ESG's SaaS products, internal security assessments during product release cycles, and customer audits across multiple product lines. It requires close collaboration with engineering, ProdSec, InfoSec, and SaaS Operations teams to manage these certification and audit processes, leading cross-functional initiatives, and serving as the liaison between technical and non-technical stakeholders so that compliance is comprehensive and effective. The ideal candidate will facilitate interactions with third-party testing labs, auditors, advisors, and assessors; work with Sales and Support teams to respond to customer queries related to supplier risk assessments; and contribute to product standards, processes, and security domain documentation. A key focus will be identifying opportunities for process improvement and standardization across the organization, with an emphasis on automation.

Requirements

  • Bachelor's degree and 8+ years of progressive experience in security compliance, audit, or program management, with a strong emphasis on cybersecurity products.
  • Self-starter with a driver personality.
  • Cybersecurity background, particularly cloud security.
  • Proven experience project-managing security compliance audit or certification projects.
  • Ability to quickly grasp complex technical concepts and make them easily understandable.
  • Ownership of delivery for planned, high-risk, and complicated projects.
  • Driving projects from conception (planning) to completion (release).
  • Ability to parse compliance language and translate it into layman's terms.
  • Coordinating audit activities, including evidence gathering and redaction.
  • Demonstrated experience with scripting languages (e.g., Python, PowerShell) for automation of GRC processes (such as evidence gathering).
  • Demonstrated ability to work autonomously and manage multiple priorities effectively in a fast-paced environment.

Nice To Haves

  • Knowledge of regulations and laws in the subject area, with the ability to recognize the implications of changes.
  • Senior-level experience with software development practices, particularly secure development practices.
  • Ability to understand and create architecture diagrams and data flow diagrams.
  • Familiarity with GRC automation platforms and tools (e.g., ServiceNow GRC, Anecdotes, Archer).
  • Experience with data analysis and visualization tools to present compliance metrics and audit findings effectively.
  • Hands-on experience with cloud security technologies and automation in GCP.

Responsibilities

  • Translate ESG business objectives into actionable GRC strategies, leveraging deep product and team process understanding to create clear compliance strategies.
  • Facilitate and complete all product certification activities, including financial stewardship and contract reviews as needed.
  • Achieve and maintain certifications, proactively identifying and mitigating risks for continuous compliance.
  • Support the ESG Product Security (ProdSec) team in security compliance activities (risk assessment, secure software development), providing expert guidance to enhance overall security posture.
  • Author and maintain required certification documents.
  • Communicate and translate certification requirements (ISO, SSAE 18, NIST, etc.) to engineering teams, providing expert guidance.
  • Maintain current understanding of regulations; interpret and communicate changes and their implications to stakeholders.
  • Track milestones, proactively manage risks, and drive solutions to completion.
  • Drive completion of customer supplier risk requests by leveraging existing information and resources.
  • Monitor schedule deviations and develop corrective actions.
  • Coordinate cross-timezone team activities, including occasional off-hours interaction.
  • Lead the identification, evaluation, and implementation of automation tools and processes for security compliance activities, including evidence collection, control validation, and reporting.
  • Develop and implement technical strategies for efficient and accurate evidence gathering, ensuring data integrity and audit readiness.
  • Collaborate with engineering, ProdSec, and InfoSec teams to integrate security compliance requirements into CI/CD pipelines and automated testing frameworks.
  • Identify opportunities for proactive risk identification and mitigation strategies across product lines, influencing product development and operational practices.
  • Exercise good judgment in achieving compliance objectives and resolving audit findings.
  • Independently manage and prioritize multiple security compliance projects, providing regular updates and data presentations to stakeholders.
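The "evidence gathering and redaction" and "data integrity and audit readiness" items above describe an outcome rather than a method. As an added example, not code from Broadcom or from this posting, the following Python script shows the shape of an evidence-collection automation that a GRC engineer would write: it copies each evidence source, redacts secret-bearing values before they leave the environment, records a SHA-256 hash of every redacted file in a manifest, and can later re-verify the bundle so that any post-collection modification is detected. The control identifier, redaction patterns, file names and file contents are all constructed for the example.

```python
"""Collect compliance evidence, redact secrets, and write a tamper-evident manifest.

Added example (not Broadcom's code). The control ID, redaction patterns, and
sample evidence below are constructed for illustration only.
"""
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Illustrative patterns for values that must not appear in audit evidence.
# Group 1 keeps the key and separator; only the value is replaced.
REDACTION_PATTERNS = [
    (re.compile(r"(?i)((?:password|secret|token)\s*[=:]\s*)\S+"), r"\1<REDACTED>"),
    (re.compile(r"AKIA[0-9A-Z]{16}"), "<REDACTED_AWS_KEY>"),
]


def redact(text: str) -> str:
    """Apply every redaction pattern to a block of evidence text."""
    for pattern, replacement in REDACTION_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def collect_evidence(sources: dict, out_dir: Path, control_id: str) -> dict:
    """Write redacted copies of each source into out_dir and return the manifest.

    sources maps an evidence file name to its raw text (in practice this would
    be read from a system of record, a cloud API, or a CI job artifact).
    """
    out_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for name, raw in sources.items():
        cleaned = redact(raw)
        (out_dir / name).write_text(cleaned, encoding="utf-8")
        entries.append({
            "file": name,
            "sha256": sha256_of(cleaned.encode("utf-8")),  # hash of what the auditor receives
            "redacted": cleaned != raw,                     # flag so reviewers know a value was removed
        })
    manifest = {"control": control_id, "files": sorted(entries, key=lambda e: e["file"])}
    manifest_bytes = json.dumps(manifest, indent=2, sort_keys=True).encode("utf-8")
    (out_dir / "manifest.json").write_bytes(manifest_bytes)
    # Hash of the manifest itself, to be recorded outside the bundle (ticket, signed log).
    manifest["manifest_sha256"] = sha256_of(manifest_bytes)
    return manifest


def verify_evidence(out_dir: Path) -> bool:
    """Return True only if every file still matches the hash in manifest.json."""
    manifest = json.loads((out_dir / "manifest.json").read_text(encoding="utf-8"))
    return all(
        sha256_of((out_dir / entry["file"]).read_bytes()) == entry["sha256"]
        for entry in manifest["files"]
    )


# Constructed sample evidence: a config export and a deployment log containing a token.
SAMPLE_SOURCES = {
    "kms_config.txt": "key_rotation_days=90\nregion=us-east1\n",
    "deploy.log": "2024-05-01T10:00:00Z starting\nAPI_TOKEN=abc123secret\ndone\n",
}


def run_demo() -> dict:
    """Collect the sample, verify the bundle, then tamper with a file and re-verify."""
    out_dir = Path(tempfile.mkdtemp(prefix="evidence-"))
    manifest = collect_evidence(SAMPLE_SOURCES, out_dir, control_id="EXAMPLE-CTRL-01")
    redacted_log = (out_dir / "deploy.log").read_text(encoding="utf-8")
    intact = verify_evidence(out_dir)
    # Simulate someone editing evidence after collection.
    (out_dir / "deploy.log").write_text("edited after collection\n", encoding="utf-8")
    tampered_detected = not verify_evidence(out_dir)
    return {
        "manifest": manifest,
        "redacted_log": redacted_log,
        "intact": intact,
        "tampered_detected": tampered_detected,
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The design point worth noting is that the manifest hashes the redacted file, not the original, so the auditor can independently verify exactly what was delivered, while the `redacted` flag makes the removal visible rather than silent. Recording the manifest hash somewhere the evidence collector cannot rewrite (a ticket comment, a signed build log) is what turns the bundle into something an assessor can trust across the audit window.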

Benefits

  • Medical, dental and vision plans
  • 401(K) participation including company matching
  • Employee Stock Purchase Program (ESPP)
  • Employee Assistance Program (EAP)
  • Company-paid holidays
  • Paid sick leave and vacation time

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Computer and Electronic Product Manufacturing

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc