Security Compliance Engineer leading security compliance and audit activities for SaaS cybersecurity products. Collaborating across teams to ensure effective compliance and continuous improvement.
Responsibilities
Translate ESG business objectives into actionable GRC strategies, leveraging deep product and team process understanding to create clear compliance strategies.
Facilitate and complete all product certification activities, including financial stewardship and contract reviews as needed.
Achieve and maintain certifications, proactively identifying and mitigating risks for continuous compliance.
Support the ESG Product Security (ProdSec) team in security compliance activities (risk assessment, secure software development), providing expert guidance to enhance overall security posture.
Author and maintain required certification documents.
Communicate and translate certification requirements (ISO, SSAE 18, NIST, etc.) to engineering teams, providing expert guidance.
Maintain current understanding of regulations; interpret and communicate changes and their implications to stakeholders.
Track milestones, proactively manage risks, and drive solutions to completion.
Drive completion of any customer supplier risk requests by leveraging existing information and resources.
Monitor schedule deviations and develop corrective actions.
Coordinate cross-timezone team activities, including occasional off-hours interaction.
Lead the identification, evaluation, and implementation of automation tools and processes for security compliance activities, including evidence collection, control validation, and reporting.
Develop and implement technical strategies for efficient and accurate evidence gathering, ensuring data integrity and audit readiness.
Collaborate with engineering, ProdSec, and InfoSec teams to integrate security compliance requirements into CI/CD pipelines and automated testing frameworks.
Identify opportunities for proactive risk identification and mitigation strategies across product lines, influencing product development and operational practices.
Exercise good judgment in achieving compliance objectives and resolving audit findings.
Independently manage and prioritize multiple security compliance projects, providing regular updates and data presentations to stakeholders.
Requirements
Bachelor's degree and 8+ years of progressive experience in security compliance, audit, or program management, with a strong emphasis on cybersecurity products.
Information Security Officer creating security policies and managing security teams to protect Paytient. Collaborating with internal and external teams to ensure compliance and security posture.
Supplier Manager focused on Microsoft Security products at Arrow. Develops strategies to enhance sales and market share while collaborating with Microsoft and sales teams.
IT Infrastructure and Security Administrator at B&O Bau, managing IT security and infrastructure. Collaborating on innovative projects across multiple German locations.
Associate Director of Security Awareness at Fitch Group responsible for cybersecurity training and employee engagement. Designing and executing awareness programs to promote security compliance across the organization.
Information Security Administrator assessing military clients' cyber risks and compliance with security policies. Collaborating on mitigation plans and guiding clients to secure their mission-critical systems.
Enterprise Security Architect coordinating system solutions and implementations for secure cloud technologies at Freeport-McMoRan. Assessing technology needs and leading improvements in cloud security.
Cyber Security Metrics & Automation Analyst enhancing AES's Cyber Security effectiveness through metrics and automation solutions. Collaborating with teams to develop dashboards and streamline operations across domains.
SOC Team Lead managing Security Operations Center analysts. Leading cyber threat intelligence and incident response initiatives for Florida state government.
IT-Security Administrator managing IT security components and incident response processes for healthcare IT. Collaborating on security projects and maintaining compliance with ISO 27001.
Senior Cybersecurity Engineer at GDIT responsible for developing and implementing IT security solutions. Architecting security programs and leading Cybersecurity initiatives in defense and intelligence sectors.