Security Engineer - Compliance

2 - 5 years

0 Lacs

Posted: 1 month ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

We're looking for a self-driven Compliance Security Engineer to take ownership of our security and privacy compliance initiatives. You'll play a key role in implementing, maintaining, and enhancing compliance with frameworks like ISO 27001, HIPAA, SOC 2, and TX-RAMP. This role is ideal for professionals who thrive in independent environments, enjoy solving real-world problems, and want to work across multiple frameworks with direct organizational impact.

Compliance Ownership

The core responsibilities for the job include the following:
  • Manage end-to-end compliance programs, including ISO 27001, HIPAA, SOC 2, and TX-RAMP.
  • Coordinate with vendors, auditors, and internal teams to ensure timely and complete compliance.

Policy And Documentation

  • Create and maintain security policies, SOPs, audit documentation, and risk registers.
  • Track compliance gaps and work with teams on remediation efforts.

Audit And Risk Management

  • Act as the point of contact during audits and certification processes.
  • Conduct risk assessments and recommend security improvements.
  • Drive recurring activities such as access reviews, internal audits, and awareness training.

Stakeholder And Vendor Collaboration

  • Engage with external compliance service providers.
  • Prepare and present compliance status, risks, and mitigation reports to leadership.

Requirements

  • Strong work ethic, self-motivation, and reliability.
  • Excellent problem-solving ability and eagerness to learn.
  • 2-5 years of experience in security compliance, risk management, or audit.
  • Experience managing compliance frameworks such as ISO 27001, HIPAA, and SOC 2.
  • Ability to independently manage compliance programs.
  • Proficiency in access control, risk management, security frameworks, and governance models.
  • Experience with documentation, policy creation, and audit coordination.
  • Excellent communication and stakeholder management skills.
  • Exposure to AI tools or prompt-based compliance support is a strong plus.
  • Certifications such as ISO 27001 Lead Auditor/Implementer, CISA, CISM, CIPT are preferred but not mandatory.

Preferred (Good To Have)

  • Experience with GRC tools.
  • Familiarity with cloud security (Azure, AWS, GCP).
  • Understanding of vendor risk management and third-party security assessments.

This job was posted by Kiruthika Paramasivam from Exxat.
