Cyber Security Engineer

The Opportunity

“FICO is seeking Cyber Security Engineer to join our growing GRC Team. This is a full-time regular position (hybrid), and a great opportunity for an individual with strong PCI, ISO 27001, SOC2 audit skills or great interest in security Compliance and Risk Management frameworks and grow in exciting field of GRC" – Director, Cyber Security.

What You’ll Contribute

• 2.8+ years of applicable work experience, in performing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, mapping issues to risks and socializing results.
• Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
• Strong knowledge of common security legal and regulatory requirements (e.g., PCI, SOC, CSA STAR, NIST, ISO/IEC 27001, COBIT, etc.)
• Work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures.
• Monitor activities of assigned IT areas to ensure compliance with internal policies and standards.
• Assist Corporate Compliance and the Business with all required compliance/security-related documentation.
• Facilitate for external audits to ensure compliance with all industry-mandated regulations
• Participate in the development and implementation of new business initiatives to ensure functionality required to support compliance.
• Provide guidance to business functions on compliance/security-related matters.
• Good understanding of IT concepts, including Cloud hosting, containerization, encryption, networking, operating systems, databases, middleware, and applications
• Knowledge of or experience working with, Cloud technologies/environments, AWS or other related cloud experience is required.
• Ability to effectively communicate to all levels of the organization, including senior management, and other stakeholders that influence the security and compliance posture of FICO
• Ability to assess the nature of controls and identify automation opportunities for increased monitoring and scaling coverage

What We're Seeking

• Bachelor’s degree in the field of Information Security, Computer Science or discipline and/or certifications (e.g., ISO 27001 LI/LA, ISA/QSA, CISSP, CISA, CISM, and related GIAC.)
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
• Experience implementing cloud security and compliance standards, frameworks, and controls (ISO/IEC 27001, SOC 2, PCI, NIST) for cloud service delivery models (IaaS, PaaS, SaaS)
• AWS Certifications (added advantage)
• Experience or understanding of governance, risk and compliance (GRC) processes and solutions.
• Background in security controls, auditing, network and system security.
• Ability to express technical concepts in business terms.
• Able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
• Regularly interact with all levels of management to present and discuss audit results and obtain gap remediation status.

Our Offer to You

• An inclusive culture strongly reflecting our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others.
• The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences.
• Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so.
• An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie.