Cybersecurity Engineer Risk & Compliance

Exciting News Were Moving!

As part of our continued growth and our commitment to fostering an exceptional collaborative work environment were thrilled to announce that our office will be relocating to a brand-new building at 2000 Innovation Drive Wexford PA 15090 at the beginning of this the meantime hybrid employees will continue working from our current location at RIDC OHara until the transition is complete.

Were excited about this next chapter and look forward to welcoming new team members to our growing organization!

This role will be instrumental in enhancing our security posture by managing SOC2 controls interpreting audit findings and aligning our cybersecurity strategy with industry standards such as NIST Cybersecurity Framework (CSF) and CIS Controls. The ideal candidate will also have deep experience in protecting sensitive customer data and ensuring compliance with partner and client security requirements.

Key Responsibilities:

• Lead the design implementation and maintenance of cybersecurity risk management programs.
• Manage and assess third-party/vendor risk including due diligence risk assessments and ongoing monitoring.
• Oversee and maintain SOC2 control environments including evidence collection control testing and remediation of findings.
• Ensure robust controls are in place to protect sensitive customer data including data classification encryption access controls and secure data handling practices.
• Collaborate with internal teams and external partners to meet partner security requirements including responding to security questionnaires audits and assessments.
• Map and align security controls to NIST CSF and CIS Controls ensuring continuous improvement and maturity of the cybersecurity program.
• Develop and maintain risk registers control matrices and compliance documentation.
• Provide expert guidance on risk mitigation strategies and security best practices.
• Monitor and report on cybersecurity metrics risk indicators and compliance status to leadership.
• Support incident response and business continuity planning from a risk and compliance perspective.
• Assist with other Cybersecurity tasks as needed.

Required Qualifications:

• Bachelors degree in Cybersecurity Information Technology or a related field.
• 2 years of experience in cybersecurity engineering with a focus on risk management and compliance.
• Deep understanding of the SOC2 framework including control design implementation and audit processes.
• Proven experience with NIST CSF and CIS Controls.
• Demonstrated experience managing controls around sensitive customer data and ensuring compliance with partner/client security requirements.
• Strong knowledge of third-party risk management practices and tools.
• Excellent analytical communication and documentation skills.

Preferred Skills:

• Familiarity with GRC platforms (e.g. Hyperproof OneTrust AuditBoard Archer ServiceNow GRC).
• Relevant certifications such as CRISC CGRC CISA or CISSP are highly desirable.
• Experience working in regulated industries (e.g. logistics transportation software).
• Knowledge of cloud security frameworks (e.g. AWS Well-Architected Azure Security Benchmark).
• Ability to translate technical risks into business impacts for non-technical stakeholders.

Required Experience:

IC