Information Systems Engineer Compliance

Key Responsibilities

Compliance Program Management

• Support the development implementation and maintenance of compliance programs and frameworks for products and services including contributing to policies standards and control requirements.

• Monitor changes in regulatory security and privacy requirements (e.g. SOC 1/SOC 2 ISO 27001/27017/27018 HIPAA PCI) and assess their impact on product offerings.

• Coordinate readiness activities to support compliance with external audits and customer assessments.

Audit Planning & Execution

• Lead or support internal and external audits related to product and service operations.

• Conduct control testing evidence collection walkthroughs and remediation validation.

• Prepare audit deliverables respond to auditor inquiries and ensure timely closure of audit findings.

Cross-Functional Collaboration

• Independently manage and prioritize multiple security compliance projects providing regular updates and data presentations to stakeholders.

• Organizes leads and facilitates cross-functional project teams.

• Technical or business consulting resource to business level managers and control owners.

• Develops metrics that provide data for process measurement identifying indicators for future improvement opportunities.

• Partner with Product Engineering Security Legal Risk and Operations teams to ensure compliance is embedded throughout the product lifecycle.

• Support product launches by evaluating compliance requirements and identifying control gaps.

• Provide guidance to teams on developing compliant processes and documentation.
  

Risk & Issue Management

• Identify compliance risks across products and services and drive remediation plans.

• Maintain risk registers track mitigation progress and report status to leadership.

• Support root-cause analysis for compliance failures and propose long-term corrective actions.
  

Customer & Stakeholder Support

• Assist with customer due-diligence questionnaires RFPs and contract compliance inquiries.

• Create and maintain compliance documentation such as control matrices audit reports FAQs and standard responses.

• Present compliance posture and audit outcomes to internal leadership and external customers.

Skills & Experience

• Bachelors degree in Information Security Business Audit Risk Management or related field.

• 8 years of experience in compliance audit risk management or product governance.

• Strong understanding of security privacy and compliance frameworks (SOC ISO NIST etc.).

• Proven experience project managing security compliance audit or certification projects.

• Ability to quickly grasp complex technical concepts and make them easily understandable.

• Experience supporting or conducting audits (internal external or customer audits).

• Excellent analytical documentation and communication skills.

• Ability to work cross-functionally and manage multiple projects simultaneously.

Preferred Qualifications

• Professional certifications (e.g. CISA CISSP CRISC CIPP ISO Lead Auditor).

• Experience in SaaS or cloud-based product environments.

• Technical familiarity with cloud platforms DevOps and security controls.

• Experience with GRC tools (e.g. Archer ServiceNow GRC OneTrust).

Key Competencies

• Will champion significant projects programs and business initiatives using demonstrated

• creativity and ingenuity.

• Strong problem-solving and risk analysis.

• Ability to interpret regulations and translate into actionable requirements.

• Project management and organizational skills.

• Leads major projects.

• Consults with management on long-range goals.

• Escalation point for complex issues.

• High attention to detail with ability to meet deadlines.

• Collaborative mindset with the ability to influence without authority.

• Self-starter takes initiatives and drives to completion.