Security Compliance Engineer

Job Location

Raleigh - USA

Monthly Salary

$ 120000 - 130000

Vacancy

1 Vacancy

Job Description

Team Description

Pendo's mission is to help companies build great software. We believe that great software is also secure software! The Pendo Security Team is here to provide everyone at Pendo the resources that they need to keep the data we are entrusted with secure and to deliver products that are built with security and privacy by design.

Pendo is seeking a Security Compliance Engineer to join our growing team in Raleigh, North Carolina. Reporting to our Senior Manager of Security Operations and Compliance, you will be working on our compliance-related programs, including Third Party Risk Management, SOC 2, PCI DSS, StateRAMP, and other global compliance frameworks. You will also work closely with engineering, product, corporate IT teams, and other partners across the organization to achieve the goals of these programs. The ideal candidate is a passionate, highly skilled information security expert who has a customer-focused mindset and is capable of quickly learning new technologies and creatively solving problems. The hiring level for this position will be determined by the selected candidate's qualifications and experience and is expected to be either an associate (entry) or mid-level.

Responsibilities (what you'll do):

  • Provide analysis and implementation guidance based on frameworks such as the SOC 2, NIST 800 series, StateRAMP, ISO 27001, PCI DSS, and other related compliance requirements and regulations
  • Plan, implement, and maintain security controls to protect the confidentiality, integrity, and availability of data and information systems
  • Work closely with engineering and product teams to deliver compliance requirements, provide consultation, and validate implementation
  • Communicate compliance requirements, deliverables, and project status to stakeholders, leaders, and external partners
  • Drive cross-functional and validation of compliance deliverables
  • Build, execute, and maintain continuous monitoring functions and deliverables
  • Drive vulnerability remediation in accordance with compliance requirements
  • Monitor performance metrics, review logs, and conduct periodic audits to verify the effectiveness of security controls
  • Write, edit, and manage a wide variety of information security policies, procedures, and other documentation to meet compliance requirements

Qualifications (what you have):

  • Demonstrated experience with one or more of the following:
    • Working with compliance frameworks such as SOC 2, NIST SP 800 Series, StateRAMP, ISO 27000-series, PCI, HIPAA, etc.
    • Collaborating with subject matter experts and developing, editing, and revising documentation, including standard operating procedures, system security plans (SSP), and policies and procedures
    • Implementing continuous monitoring requirements
    • Working with Third-party Assessment Organizations (3PAO)
    • Third Party Risk Management programs that include onboarding, assessments, reporting, and monitoring.
  • Excellent verbal and written communication skills
  • Strong understanding of security controls, frameworks, and practices
  • Strong understanding of vulnerability management, scanning tools, and remediation
  • Strong critical thinking and decision-making skills
  • Strong customer service orientation
  • Ability to self-manage assigned project tasks
  • Ability to work independently with minimal direction
  • A growth mindset and love of learning new technologies

Additional Preferred Qualifications:

  • Experience working in SaaS companies
  • Experience with writing code to automate tasks
  • Experience configuring and managing GRC platforms or similar for continuous monitoring through integrations with third-party platforms.
  • Familiarity with Cloud Service Providers such as Google Cloud Platform, Amazon Web Services, or Microsoft Azure
  • Bachelor's or Master's degree in Cybersecurity, Computer Science, Management of Information Systems, or similar technical or business-related field
  • One or more industry-recognized security certifications such as CISSP, CISM, CISA, OSCP, CEH, or CSSK

Pendo Description:

Pendo was founded in 2013 by former product managers who combined their heads and hearts to build something they wanted but never had as product managers: a simple way to understand and attack what truly drives product success. Our mission is to improve society's experience with software.

Come join one of the fastest-growing startups, supported by best-in-class institutions like Battery Ventures, Salesforce Ventures, Spark Capital, and Meritech. You will gain experience in a diverse and exciting set of technologies and clients and have a real impact on Pendo's future. Our culture is passionate, dynamic, and fun.

EEOC

We are an equal opportunity employer and believe having diverse teams where everyone brings their whole self to Pendo is key to our success. We welcome all people of different backgrounds, experiences, abilities, and perspectives.

Accessibility

Pendo is committed to working with and providing access and reasonable accommodation to applicants with mental and/or physical disabilities. If you think you may require an accommodation for any part of the recruitment process, please send a request to: All requests for accommodations are treated discreetly and confidentially, as practical and permitted by law.

Compensation

Our salary ranges are based on paying competitively for our size and industry and are one part of many compensation, benefits, and other reward opportunities we provide.

The expected salary range for this role to be performed in Raleigh, NC is $120,000 - $130,000.

Individual pay rate decisions, including offers made within and over the expected salary range, are based on a number of factors, including qualifications for the role, experience level, skillset, and balancing internal equity relative to peers at the company.

Employment Type

Full Time

About Company

0-50 employees