Security Compliance Engineer

$101K/yr - $168K/yr
Remote
Posted 2 weeks ago

Job Description

We are seeking a highly motivated Security Compliance Engineer to join our Cybersecurity and Governance team. The ideal candidate will be responsible for designing, implementing, and maintaining security controls that ensure compliance with industry regulations, cybersecurity frameworks, and organizational policies. You will work closely with Information Security, IT Operations, Cloud Engineering, Risk Management, and Internal Audit teams to strengthen the organization’s security posture and support compliance initiatives.

The successful candidate will have experience with cloud security, risk assessments, governance, security audits, vulnerability management, and regulatory compliance frameworks such as NIST, ISO 27001, SOC 2, HIPAA, PCI DSS, SOX, and CIS Controls.


Key Responsibilities

  • Design, implement, and maintain cybersecurity compliance programs across enterprise environments.
  • Assess security controls against industry frameworks including NIST CSF, ISO/IEC 27001, SOC 2, PCI DSS, HIPAA, SOX, and CIS Controls.
  • Conduct internal security audits, compliance assessments, and risk evaluations.
  • Develop and maintain security policies, standards, procedures, and technical documentation.
  • Collaborate with cloud, infrastructure, DevOps, and application teams to ensure secure system configurations.
  • Support external audits and regulatory examinations by preparing compliance evidence and documentation.
  • Monitor compliance with security policies, regulatory requirements, and contractual obligations.
  • Perform vendor and third-party security risk assessments.
  • Coordinate remediation efforts for audit findings, vulnerabilities, and compliance gaps.
  • Review Identity and Access Management (IAM), Privileged Access Management (PAM), encryption, and data protection controls.
  • Evaluate cloud security configurations across AWS, Microsoft Azure, and Google Cloud Platform.
  • Work with Security Operations (SOC) teams to ensure compliance of security monitoring and incident response processes.
  • Track compliance metrics and generate executive reports and dashboards.
  • Stay current with evolving cybersecurity regulations, industry standards, and emerging threats.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Information Systems, or a related field.
  • 3+ years of experience in cybersecurity, information security, IT compliance, GRC, or security auditing.
  • Strong knowledge of cybersecurity governance, risk management, and compliance principles.
  • Experience with security frameworks such as NIST CSF, ISO/IEC 27001, SOC 2, PCI DSS, HIPAA, SOX, and CIS Controls.
  • Experience conducting security assessments and compliance audits.
  • Familiarity with cloud security platforms including AWS, Azure, and Google Cloud.
  • Understanding of Identity and Access Management (IAM) and Zero Trust security concepts.
  • Strong analytical, documentation, and communication skills.

Preferred Qualifications

  • Experience with Governance, Risk, and Compliance (GRC) platforms such as Archer, ServiceNow GRC, OneTrust, or AuditBoard.
  • Knowledge of SIEM tools including Splunk, Microsoft Sentinel, IBM QRadar, or LogRhythm.
  • Experience with vulnerability management tools such as Nessus, Qualys, or Tenable.
  • Familiarity with DevSecOps, CI/CD security, container security, and Kubernetes.
  • Experience with third-party risk management and vendor security assessments.
  • Knowledge of data privacy regulations such as GDPR and CCPA.
  • Experience supporting FedRAMP or CMMC compliance is a plus.

Technical Skills

Cybersecurity & Compliance

  • Security Compliance
  • Governance, Risk & Compliance (GRC)
  • Risk Assessment
  • Security Auditing
  • Internal Controls
  • Information Security
  • IT General Controls (ITGC)
  • Third-Party Risk Management

Compliance Frameworks

  • NIST Cybersecurity Framework (CSF)
  • ISO/IEC 27001
  • SOC 2
  • PCI DSS
  • HIPAA
  • SOX (Sarbanes-Oxley)
  • CIS Controls
  • COBIT
  • GDPR (Preferred)
  • CCPA (Preferred)

Cloud Security

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform (GCP)

Security Tools

  • Microsoft Sentinel
  • Splunk
  • IBM QRadar
  • CrowdStrike
  • Microsoft Defender
  • Nessus
  • Qualys
  • Tenable

GRC Platforms

  • ServiceNow GRC
  • RSA Archer
  • AuditBoard
  • OneTrust

Identity & Access Security

  • Active Directory
  • Identity & Access Management (IAM)
  • Privileged Access Management (PAM)
  • Multi-Factor Authentication (MFA)
  • Single Sign-On (SSO)

Other Technologies

  • PowerShell
  • Python (Basic Automation)
  • SQL
  • Git
  • Jira
  • Confluence

Preferred Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • CompTIA Security+
  • ISO/IEC 27001 Lead Implementer or Lead Auditor
  • Certified Cloud Security Professional (CCSP)
  • AWS Certified Security – Specialty
  • Microsoft Certified: Cybersecurity Architect Expert

Soft Skills

  • Strong analytical and critical thinking skills.
  • Excellent written and verbal communication.
  • Attention to detail and organizational skills.
  • Problem-solving and decision-making abilities.
  • Collaboration across technical and business teams.
  • Time management and project coordination.
  • Ability to manage multiple compliance initiatives.
  • High ethical standards and professional integrity.
  • Adaptability in a fast-changing regulatory environment.
  • Commitment to continuous learning.

Preferred Industries

  • Cybersecurity
  • Financial Services & FinTech
  • Healthcare & HealthTech
  • Cloud Computing
  • Information Technology
  • Government & Defense
  • Insurance
  • Telecommunications
  • E-commerce
  • Consulting

Benefits

  • Competitive salary with annual performance bonus.
  • Medical, dental, and vision insurance.
  • Paid time off (PTO) and paid holidays.
  • Flexible remote/hybrid work options.
  • Life and disability insurance.
  • Professional certification reimbursement.
  • Employee wellness and assistance programs.
  • Learning and development opportunities.
  • Career growth and leadership development programs.

Job Features

Job CategoryCyber Security

Apply For This Job

A valid phone number is required.