Information Systems Engineer - Compliance

Key Responsibilities

Compliance Program Management

• Support the development, implementation, and maintenance of compliance programs and frameworks for products and services, including contributing to policies, standards, and control requirements.

• Monitor changes in regulatory, security, and privacy requirements (e.g., SOC 1/SOC 2, ISO 27001/27017/27018, HIPAA, PCI) and assess their impact on product offerings.

• Coordinate readiness activities to support compliance with external audits and customer assessments.

Audit Planning & Execution

• Lead or support internal and external audits related to product and service operations.

• Conduct control testing, evidence collection, walkthroughs, and remediation validation.

• Prepare audit deliverables, respond to auditor inquiries, and ensure timely closure of audit findings.

Cross-Functional Collaboration

• Independently manage and prioritize multiple security compliance projects, providing regular updates and data presentations to stakeholders.

• Organizes, leads and facilitates cross-functional project teams.

• Technical or business consulting resource to business level managers and control owners.

• Develops metrics that provide data for process measurement, identifying indicators for future improvement opportunities.

• Partner with Product, Engineering, Security, Legal, Risk, and Operations teams to ensure compliance is embedded throughout the product lifecycle.

• Support product launches by evaluating compliance requirements and identifying control gaps.

• Provide guidance to teams on developing compliant processes and documentation.
   

Risk & Issue Management

• Identify compliance risks across products and services and drive remediation plans.

• Maintain risk registers, track mitigation progress, and report status to leadership.

• Support root-cause analysis for compliance failures and propose long-term corrective actions.
   

Customer & Stakeholder Support

• Assist with customer due-diligence questionnaires, RFPs, and contract compliance inquiries.

• Create and maintain compliance documentation such as control matrices, audit reports, FAQs, and standard responses.

• Present compliance posture and audit outcomes to internal leadership and external customers.

Skills & Experience

• Bachelor’s degree in Information Security, Business, Audit, Risk Management, or related field.

• 8+ years of experience in compliance, audit, risk management, or product governance.

• Strong understanding of security, privacy, and compliance frameworks (SOC, ISO, NIST, etc.).

• Proven experience project managing security compliance audit or certification projects.

• Ability to quickly grasp complex technical concepts and make them easily understandable.

• Experience supporting or conducting audits (internal, external, or customer audits).

• Excellent analytical, documentation, and communication skills.

• Ability to work cross-functionally and manage multiple projects simultaneously.

Preferred Qualifications

• Professional certifications (e.g., CISA, CISSP, CRISC, CIPP, ISO Lead Auditor).

• Experience in SaaS or cloud-based product environments.

• Technical familiarity with cloud platforms, DevOps, and security controls.

• Experience with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust).

Key Competencies

• Will champion significant projects, programs and business initiatives using demonstrated

• creativity and ingenuity.

• Strong problem-solving and risk analysis.

• Ability to interpret regulations and translate into actionable requirements.

• Project management and organizational skills.

• Leads major projects.

• Consults with management on long-range goals.

• Escalation point for complex issues.

• High attention to detail with ability to meet deadlines.

• Collaborative mindset with the ability to influence without authority.

• Self-starter, takes initiatives and drives to completion.