Senior Security Compliance Engineer
Current- Work with the engineering team closely to identify, coordinate and validate resolutions to technical issues related to compliance requirements. - Design and implement integrations with infrastructure platforms to monitor security posture. - Secure user access and appropriate permissioning across various platforms, including creating and managing Role-Based Access Control (RBAC) models, and integrating SSO/SCIM across platforms - Responsible for building out security and compliance training for everyone and role based training for relevant employees, including phishing and engineering training. - Ensures software development activities meet internal security policies as well as industry level standards including Secure Software Development Lifecycle, OWASP top 10 and SANs top 25 development requirements etc. - Functions as a subject matter expert in a wide variety of information security areas while specializing in internal compliance and external standards. - Assists in the development, implementation and maintenance of information security policy requirements, standards and guidelines, operation procedures and controls. Supports and assists the company's Information Security Management System (ISMS), 3rd party audits and compliance activities including but not limited to; ISO 27001, SOC2, EU-US Privacy Shield, GDPR, etc. - Supports security initiatives with engineering and development and works with product managers to identify, prioritize, and drive security goals and objectives throughout the business. - Collaborate with Engineering & IT to identify gaps in existing systems to improve security analysis, remediation, & monitoring capabilities. - Perform risk activities including vendor assessments, reviews and reporting, completing customer/prospect risk assessments. - Assists in vendor management activities including privacy impact assessments, vendor on/off-boarding etc.