Join our mission

Intuit is a global technology platform that helps our customers and communities overcome their most important financial challenges. We help give over 50 million consumer, small business, and self-employed customers around the world the opportunity to prosper.

Overview

Come join the Intuit Information Security Organization at Intuit! We are looking for an innovative professional to join a world class team.

The Intuit Information Security (IIS) organization is changing the way we look at security and compliance. As the compliance landscape expands with GDPR, NIST, etc., our need to scale to demonstrate compliance is becoming more critical within our internal environment as well as with our third parties. We are looking for a motivated, passionate Governance, Risk and compliance security compliance engineer who will be transforming the traditional check the box compliance process to an automated, on-demand demonstrable compliance model. This professional will improve and scale the regulatory and customer assurance compliance program by creating compliance dashboards, driving end to end compliance models, creating unified controls, testing the compliance environment for early signs of non-compliance, creating automated evidence to reduce the audit fatigue, while working cross functionally with our global business units and functional groups. This professional will be translating security frameworks technical controls into language for non-security team members to understand and implement, managing remediation of non-compliance to closure, managing exceptions to policies and creating security standards to comply with policies.

Intuit prides itself on being innovative, bold and passionate. This is an exciting position supporting our most important regulatory compliance like GDPR, PCI, ISO and NIST company priorities as we transform to a cloud environment. The security and compliance engineer has the opportunity to innovate in a cloud environment and re-imagine compliance working boundaryless across Intuit within the Intuit Information Security organization and with the business units as well as our functional group partners in IT, Legal, Privacy and Procurement.

What you'll bring

• BA/BS in Engineering, Computer Science, Information Systems or equivalent.
• 7+ years of experience in cross-functional security and compliance related projects
• Operational experience with public cloud environments and technologies such as Amazon Web Services or Google Cloud
• In-depth experience with regulatory and compliance frameworks such as PCI DSS, ISO27001, NIST 800-53, and SSAE16/SOC2
• Experience in auditing PCI-DSS, ISO27001, or other security frameworks preferred
• Experience in documenting Information Security Policies and Security Standards
• Proven expertise leading cross-functional teams building partnerships across multiple business units and executing effectively
• A self-motivated person who can influence and drive cross-functional, cross-geo teams, promoting timely and effective communication
• Certifications such as CISA, CISM, CISSP, or equivalent preferred.
• Ability to partner both the architect, engineering and legal/privacy groups.
• Ability to script using Python or other languages is a plus.
• Ability to work well with multi-disciplinary teams focusing on user and customer needs
• Ability to work in a fast paced and collaborative setting
• Must possess strong consulting, documentation and presentation skills
• Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables.
• Location: San Diego, Mountain View, or Plano

How you will lead

• Interact with senior leadership to support cross-functional security and compliance initiatives, including providing subject matter expertise over security processes for new and ongoing customer and regulatory requirements.
• Create and manage Unified Controls to address requirements from various regulatory frameworks (i.e. ISO 27001, SOC 1, SOC 2, NIST 800-53, PCI-DSS, etc.).
• Evangelize Unified Controls to drive control owner awareness and education to ensure controls are implemented, maintained and compliant.
• Develop scripts to automate compliance controls monitoring and other GRC functions
• Work across organizational boundaries to drive implementation of compliance requirements and security controls.
• Perform security and risk assessments across the organization to identify risks and non-compliance with security policies, and to report findings.
• Drive the creation, alignment with stakeholders, approval, and publishing of security compliance policies, security standards, and other security and compliance documentation.
• Ability to partner with architects, engineering teams, and legal/privacy groups to drive security and compliance initiatives.
• Create continuous view of compliance dashboards to bring risk visibility to leaders and ensure any impact to compliance is quickly reported
• Define metrics to demonstrate Intuit's compliance posture to senior leaders
• Partner across teams to define roadmaps, project plans, and ensure compliance deliverables or remediation plans remain on-track.
• Work well with others when conflicts arise: see opportunities, ensure alignment with objectives, find common ground and promote understanding of alternative viewpoints before driving for closure and cooperation.
• Manage process for tracking and reporting non-compliance to security policies and tracking exceptions to policies.
• Promote a security culture across Intuit