Senior Cybersecurity Compliance Engineer

The Senior Cybersecurity Compliance Engineer is the customer-facing role of the Information Security team and is responsible for supporting customers and prospects with security questions for their due diligence

The Senior Cybersecurity Compliance Engineer will help improve processes, manage documentation libraries, and security-related deliverables for customers; contribute to the Workiva Platform security by identifying short-term and long-range customer needs to foster customer trust; and manage customer and prospect assessments and audits in line with regulatory compliance and industry standards

What You’ll Do

• Foster Customer trust by managing and improving processes, and security related Customer deliverables

• Educate Customers and Prospects on Workiva’s infrastructure and security framework; built upon the underlying NIST and ISO frameworks

• Collaborate with internal stakeholders, including sales, product development, and legal team to address security related inquiries and concerns

• Provide security information, recommendations and implement directives within other areas of Workiva

• Identify and manage short-term and long-range issues and concerns of Customers to improve Workiva’s security and compliance

• Prioritize and delegate the fulfillment of security requests from Customers and compliance areas; including questionnaires, RFPs and contract reviews

• Mark up security related terms in contracts with Customers

• Stay up to date on existing and upcoming security and privacy regulations/standards across the globe, specifically in the APAC region

• Oversee the execution of security assessments for new technologies, third-party vendors, and acquisitions

• Collaborate with stakeholders during the due diligence process to ensure that Prospects and Customers are provided with information that instills their trust in the Workiva Platform Serve as the face of security for Information Security

• Influence and drive third-party risk management best practices for Workiva

• Determine analytical methods for audits, assessments, and data gathering

• Assess existing security controls, and provide consulting on industry best practices

• Collaborate with stakeholders on best practices; improving skills and overcoming challenges

• Mentor other team members on security

• Manage multiple projects, while working with stakeholders

What You'll Need

• Strong understanding of Cybersecurity frameworks, regulations, and standards (FedRAMP, NIST, ISO 27001, GDPR, SOC, etc.) and their application in business context

• Strong planning and organizational skills; project management experience is a plus

• Strong attention to detail and ability to prioritize multiple projects

• Excellent verbal, written, and interpersonal communication skills

• Ability to influence at all levels and in various departments

• Ability to set priorities, meet deadlines, and manage multiple projects in a fast-paced, changing environment

• Exceptionally strong personal integrity, and ability to professionally handle confidential matters while showing an appropriate level of good judgment and maturity

• Possess strong technical acumen

Minimum Qualifications

• Typically requires a minimum of 4 years of related experience with a Bachelor's degree; or 2 years and a Master's degree; or a PhD without experience

Preferred Qualifications

• To manage clients based in Japan, fluency in spoken and written Japanese is preferred but not required

• Security or compliance experience in a SaaS environment and/or heavily regulated environment

• Knowledge of TPRM ( Third-Party Risk Management), SOX (Sarbanes-Oxley Act) Reporting

• Knowledge of NIST Framework, ISO framework and GRC processes

• Cloud Security Experience

• Understanding of SOC 1 and 2

• Experience with Loopio preferred

• Background in both accounting and cybersecurity preferred

• Prior knowledge and understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry/Data Security Standard (PCI DSS), SANS and ISO27001, FFIEC, MAS, DORA, GDPR, etc.

• Prior knowledge and understanding of common information security management frameworks such as HITRUST, ISO, IEC27001, ITIL, COBIT

• Regulatory audits a plus

• Knowledge in Procurement and sourcing also desired

#LI-A1