Cybersecurity Compliance Engineer

Alameda, CA

Penumbra

Penumbra is a global healthcare company that is focused on innovating novel technologies to help as many people as possible.


As a Cybersecurity Compliance Engineer, you will assess internal and external systems for compliance gaps, manage risk assessment processes, assist with audits, and collaborate with cross-functional teams to implement and maintain security controls that meet or exceed compliance requirements. You will play a critical role in supporting the security and governance initiatives of the organization.
Specific Duties and Responsibilities:

· Ensure organizational compliance with relevant laws, regulations, and standards (e.g., PCI-DSS, HIPAA, GDPR, SOC 2, SOX, NIST, ISO 27001, etc.).
· Manage and update compliance documentation and ensure all security policies and procedures are current and adhere to industry standards.
· Regularly assess compliance status through internal audits and gap analysis and identify areas for improvement.
· Conduct internal audits across IT domains using the ITGC controls framework across Network, IAM, Data/End-point, Product and SOC.
· Assist in the preparation for internal and external audits, ensuring proper documentation and remediation of non-compliant areas.
· Perform risk assessments and work with cross-functional teams to identify, analyze, and mitigate IT security risks and vulnerabilities that could affect compliance.
· Facilitate the implementation of corrective actions and control improvements based on audit findings.
· Develop, implement, and maintain IT security policies, procedures, and controls to ensure ongoing compliance with regulations.
· Support the review and drafting of security-related policies, ensuring they are consistent with compliance and security best practices.
· Work closely with internal stakeholders, including IT, legal, and operations teams, to ensure compliance requirements are understood and met across the organization.
· Provide guidance to management and technical teams on implementing security controls and meeting compliance objectives.
· Educate employees on security and compliance best practices and provide training, as necessary.
· Monitor compliance status regularly and generate compliance reports for management, stakeholders, and auditors.
· Track compliance metrics and KPIs, ensuring the organization remains up to date with evolving regulatory requirements.
· Assist with incident investigations related to non-compliance and support remediation activities, as necessary.
· Ensure that incidents that impact compliance are documented and reported to the relevant authorities as per regulatory requirements.
· Plan and execute realistic, high-fidelity red team operations to simulate adversary tactics, techniques, and procedures (TTPs) against internal and external Penumbra systems.
· Conduct adversary emulation to simulate advanced persistent threats (APTs), including social engineering (e.g., phishing, vishing), physical penetration testing, and network exploitation.
· Develop, deploy, and maintain custom attack tools, scripts, and payloads to support red team engagements.
· Adhere to the Company's Quality Management System (QMS) as well as domestic and global quality system regulations, standards, and procedures.
· Understand relevant security, privacy and compliance principles and adhere to the regulations, standards, and procedures that are applicable to the Company.
· Ensure other members of the department follow the QMS, regulations, standards, and procedures.
· Perform other work-related duties as assigned.

Position Qualifications:

· Bachelor's degree in Information Technology, Computer Science, Information Security, or related field with 5+ years of experience, or equivalent combination of education and experience.
· Preferred certifications in any of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH).
· 5+ years of experience in IT security, risk management, or IT compliance roles.
· Solid understanding of IT governance frameworks, security standards, and compliance regulations (e.g., PCI-DSS, HIPAA, GDPR, NIST, SOC 2, SOX, ISO 27001).
· Experience with internal and external audit processes, risk assessments, and compliance reporting.
· Familiarity with IT security technologies (firewalls, SIEM, encryption, identity management systems, etc.) is a plus.
· Familiarity with current security frameworks (e.g., MITRE ATT&CK, OWASP, NIST) and how to apply them in real-world attack simulations.
· Excellent knowledge of regulatory compliance requirements and the ability to interpret and apply them to technical and business processes.
· Strong problem-solving skills and attention to detail, with the ability to identify potential compliance gaps and vulnerabilities.
· Proficient in using compliance management tools, GRC (Governance, Risk, and Compliance) platforms, and audit management software.
· Ability to communicate complex compliance concepts to both technical and non-technical stakeholders.
· Strong project management skills with the ability to work under pressure and meet deadlines.
· Experience with cloud computing platforms (AWS, Azure, GCP) and understanding of cloud compliance requirements is highly desirable.
· Understanding of data privacy laws and regulations (e.g., GDPR, CCPA).
· Ability to analyze complex regulatory requirements and translate them into actionable compliance steps.
· Ability to conduct thorough audits and risk assessments with meticulous attention to detail.
· Collaborative in working with different departments to ensure compliance and security are built into organizational processes.
· Ability to anticipate compliance challenges and work to resolve them before they become an issue.
· Comfortable working in a fast-paced, evolving environment with changing compliance requirements.
· Strong oral, written, and interpersonal communication skills.
· Proficiency with MS Word, Excel, and PowerPoint.
· Excellent organizational skills with the ability to prioritize assignments while handling various projects simultaneously.
Working Conditions:

General office environment. Willingness and ability to work on site. May have business travel from 0% - 10%. Potential exposure to blood-borne pathogens. Requires some lifting and moving of up to 15 pounds. Must be able to move between buildings and floors. Must be able to remain stationary and use a computer or other standard office equipment, such as a printer or copy machine, for an extensive period of time each day. Must be able to read, prepare emails, and produce documents and spreadsheets. Must be able to move within the office and access file cabinets or supplies, as needed. Must be able to communicate.

Annual Base Salary Range: $117,815 - $175,233/year

We offer a competitive compensation package plus a benefits and equity program, when applicable. Individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location.

What We Offer

• A collaborative teamwork environment where learning is constant, and performance is rewarded.
• The opportunity to be part of the team that is revolutionizing the treatment of some of the world's most devastating diseases.
• A generous benefits package for eligible employees that includes medical, dental, vision, life, AD&D, short and long-term disability insurance, 401(k) with employer match, an employee stock purchase plan, paid parental leave, eleven paid company holidays per year, a minimum of fifteen days of accrued vacation per year, which increases with tenure, and paid sick time in compliance with applicable law(s).

Penumbra, Inc., headquartered in Alameda, California, is a global healthcare company focused on innovative therapies. Penumbra designs, develops, manufactures, and markets novel products and has a broad portfolio that addresses challenging medical conditions in markets with significant unmet need. Penumbra sells its products to hospitals and healthcare providers primarily through its direct sales organization in the United States, most of Europe, Canada, and Australia, and through distributors in select international markets. The Penumbra logo is a trademark of Penumbra, Inc.

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, age, disability, military or veteran status, or any other characteristic protected by federal, state, or local laws. If you reside in the State of California, please also refer to Penumbra's Privacy Notice for California Residents. For additional information on Penumbra's commitment to being an equal opportunity employer, please see Penumbra's AAP Policy Statement.

Tags: Audits AWS Azure CCPA CEH CISA CISSP Cloud Compliance Computer Science Encryption Firewalls GCP GDPR Governance HIPAA IAM ISO 27001 KPIs MITRE ATT&CK NIST OWASP Pentesting Privacy Red team Risk assessment Risk management SIEM SOC SOC 2 SOX TTPs Vulnerabilities

Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Health care Insurance Medical leave Parental leave

Region: North America
Country: United States
