We are looking for a Security Engineer who will contribute to establishing and maturing our control environment. Here you will lead evidence collection/documentation in support of internal and external audits, monitoring activities, and remediation follow-up with customers and prospects.

The Role:

In this role, you’ll be a key member of the company’s Information Security and Compliance Team by supporting ongoing compliance activities and monitoring efforts across different regulations and standards(GDPR, SOC 2, ISO/IEC, HIPAA, etc.).

What you'll do

• Manage operational, regulatory, and certification security requirements (SOC requirements) to ensure the successful completion of compliance audits
• Work closely with the InfoSec teams to automate procedural and technical compliance controls
• Guide technical and operational decision-making towards future product offerings and efficient organizational processes
• Partner with engineers to interpret and map compliance requirements to product implementation
• Engage with (internal and external) subject matter experts in order to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures
• Review existing IT compliance controls for regulatory updates against FSSC, FFIEC, GLBA, and NIST frameworks.

Requirements

• At least two years of Compliance or Audit experience working with Industry regulations and standards (SOC 2, PCI, GDPR, ISO/IEC 27001, HIPAA)
• Familiarity with compliance and risk management frameworks, such as SOC 2, SOX, ISO/IEC 27001, PCI, GDPR, Cloud Computing Security Requirements Guide (SRG)
• Experience with Terraform and AWS
• A deep understanding of cloud infrastructure and security concepts
• Demonstrated strong project management skills with experience managing and reporting on multiple inflight projects at any one given time
• Excellent communication skills in English.
• Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring
•  The ability to clearly communicate compliance requirements to internal engineering teams and associated implementation to external customer

Bonus:

• Knowledge and experience with FedRAMP and NIST
• Fluency in Spanish
• Experience automating with Ansible