VCF Compliance Engineer

Please Note:

1. If you are a first time user, please create your candidate login account before you apply for a job. (Click Sign In > Create Account)

2. If you already have a Candidate Account, please Sign-In before you apply.

We’re looking for a Compliance Engineer who thrives at the intersection of security and compliance. In this role, you’ll support our security governance efforts by mapping technical controls to multiple regulatory frameworks, designing and maintaining compliance programs, and collaborating cross-functionally to ensure security best practices are operationalized across the organization. You'll play a key role in advancing our security posture while enabling compliance with key frameworks such as ISO 27001, NIST 800-53, PCI DSS, DORA, SOC 2, and others.

• Interpret and map technical security controls to industry-recognized compliance frameworks (ISO 27001, SOC 2, NIST 800-53, PCI DSS, DORA etc.).
• Collaborate with engineering, DevOps, and security teams to ensure implementation of security controls aligns with compliance requirements.
• Support audit readiness and coordinate internal and external security assessments and compliance audits.
• Develop and maintain security policies, standards, and procedures in alignment with best practices and regulatory requirements.
• Monitor and assess regulatory changes, translating them into actionable tasks and updated compliance objectives.
• Evaluate and integrate automated compliance tools (e.g., GRC platforms, CSPM solutions) to streamline evidence collection and control monitoring.
• Support risk assessments, vendor risk management, and third-party due diligence processes.
• Educate and promote security and compliance awareness across the organization.
• Generate compliance documentation and reports for leadership, customer collateral, and auditors.

• Bachelors and 12+ years of related experience, or a Masters degree and 10+ years of related experience
• Strong knowledge of compliance frameworks: ISO 27001, NIST 800-53, SOC 2, PCI DSS, etc.
• Familiarity with information security fundamentals, including risk management, access control, encryption, and secure software development lifecycle (SDLC).
• Experience with control design, implementation, and gap analysis.
• Understanding of cloud security controls and standards (AWS, Azure, GCP).
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication and stakeholder management skills.

• Security or compliance certifications: CISSP, CISM, CCSP, ISO 27001 Lead Implementer/Auditor, CRISC, CISA, etc.
• Experience supporting SOC 2 Type 2, ISO 27001 certification, or PCI DSS initiatives.
• Hands-on experience conducting risk assessments and managing corrective action plans.
• Familiarity with privacy regulations such as GDPR and CCPA.
• Understanding of DevOps security and CI/CD pipeline integrations for compliance.

Additional Job Description:

Broadcom is proud to be an equal opportunity employer.  We will consider qualified applicants without regard to race, color, creed, religion, sex, sexual orientation, national origin, citizenship, disability status, medical condition, pregnancy, protected veteran status or any other characteristic protected by federal, state, or local law.  We will also consider qualified applicants with arrest and conviction records consistent with local law.

If you are located outside USA, please be sure to fill out a home address as this will be used for future correspondence.