About The Position

We are seeking a detail-oriented and proactive Sr. Security Compliance Engineer to support our organization’s regulatory, security, and risk compliance initiatives across both U.S. and EU jurisdictions. The ideal candidate will have a strong understanding of international data protection and information security frameworks, including SOC 2, FedRAMP, NIST, ISO 27001, HIPAA, PCI-DSS, GDPR, and the EU NIS2 Directive.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Business, or a related field (or equivalent work experience).
  • 3–6 years of experience in compliance, risk management, or information security, preferably in a multinational organization.
  • Knowledge of global security and compliance frameworks, including SOC 2, FedRAMP, NIST 800-53, ISO 27001, HIPAA, PCI-DSS, GDPR, NIS2, and SOX.
  • Experience with GRC platforms and compliance automation tools.
  • Strong analytical and problem-solving skills with high attention to detail.
  • Excellent written and verbal communication skills.
  • Ability to work independently and manage multiple global compliance projects simultaneously.

Nice To Haves

  • Professional certifications such as CISA, CRISC, CISSP, CIPP/E, CCSK, or other relevant compliance/security credentials.
  • Experience supporting compliance initiatives in AWS, Azure, or GCP environments.
  • Familiarity with EU data protection regulations and international audit standards.
  • Experience using compliance tools such as ServiceNow, Vanta, Drata, OneTrust, or similar platforms.
  • Demonstrated ability to develop multilingual documentation and training materials for diverse regional teams.

Responsibilities

  • Develop, implement, and maintain global compliance policies and procedures aligned with both U.S. and EU regulations.
  • Monitor and assess compliance with internal security controls, industry standards, and international regulatory requirements.
  • Conduct risk assessments and compliance audits, identifying gaps and recommending remediation plans across multiple jurisdictions.
  • Collaborate with cross-functional teams—including IT, Security, Legal, and regional compliance leads—to support global security governance, risk, and compliance (GRC) initiatives.
  • Support third-party audits (SOC 2, FedRAMP, ISO 27001, PCI-DSS, HIPAA, GDPR, NIS2, and other EU-specific frameworks), preparing evidence and managing auditor communications.
  • Maintain compliance documentation in multiple languages (English, Italian, Spanish, French) and track controls, exceptions, and remediation actions.
  • Stay current with evolving global compliance regulations (e.g., EU Cybersecurity Act, Data Governance Act, Digital Operational Resilience Act) and recommend updates to policies and controls.
  • Assist in vendor and supply chain risk management, ensuring third-party compliance with regional standards (GDPR, NIS2).
  • Conduct multilingual security and compliance awareness training across global teams.
  • Support the vulnerability management program, including remediation tracking and reporting of findings across all regions.

Benefits

  • Competitive compensation
  • Comprehensive benefits
  • Opportunities for professional development

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

Bachelor's degree

Number of Employees

11-50 employees

© 2024 Teal Labs, Inc