Security and Compliance Engineer
Woburn, MA, United States
Full Time Mid-level / Intermediate USD 125K - 158K
Job Description
We are seeking a detail-oriented and analytical Security and Compliance Engineer to join our team in Woburn, United States. In this role, you will be responsible for developing, implementing, and maintaining our organization's security and compliance programs to protect our information assets and ensure adherence to regulatory requirements.
Key Responsibilities:
- Compliance Management:
  - Monitor and enforce compliance with security standards, policies, and regulations such as GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, and others.
  - Conduct regular audits to ensure adherence to security best practices and regulatory frameworks.
  - Assist in preparing for external audits, ensuring necessary documentation and evidence are in place.
- Risk Assessment:
  - Assess and evaluate potential security risks in systems, applications, and processes.
  - Conduct vulnerability assessments, risk assessments, and gap analyses to identify areas of non-compliance or weaknesses.
  - Recommend corrective actions or enhancements to improve security and compliance posture within the Sirtex landscape.
- Security Framework Implementation:
  - Develop, implement, and maintain security policies and procedures aligned with industry standards and regulatory requirements.
  - Ensure proper implementation of controls (e.g., encryption, authentication) to meet compliance requirements.
- Collaboration:
  - Work with the Director of IT and Operations, along with Legal and other relevant teams, to ensure compliance with internal and external security standards.
  - Provide guidance on security best practices for internal projects, system deployments, and new product launches.
- Documentation & Reporting:
  - Maintain accurate documentation of compliance activities, audits, risk assessments, and findings.
  - Prepare reports and presentations for senior management, highlighting compliance status, risk assessments, and recommendations.
- Incident Response:
  - Participate in incident response activities related to security breaches, ensuring timely reporting and corrective actions in line with regulatory requirements.
  - Assist in maintaining and testing disaster recovery and business continuity plans.
- Training & Awareness:
  - Conduct regular training sessions for employees regarding security policies, compliance requirements, and best practices.
  - Promote awareness of security issues within the organization and ensure compliance with security practices.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field
- 3-5 years of experience in information security and compliance
- In-depth knowledge of information security frameworks (e.g., ISO 27001, NIST) and compliance standards (e.g., GDPR, HIPAA, PCI DSS)
- Strong experience in risk assessment, security auditing, and penetration testing
- Proficiency in using and managing cybersecurity tools and technologies
- Experience with cloud security in platforms such as AWS, Azure, or GCP
- Scripting skills in languages such as Python or PowerShell
- Familiarity with implementing and maintaining security controls across diverse IT environments
- Understanding of current cybersecurity threats and trends
- Knowledge of data protection and privacy regulations
- Excellent analytical and problem-solving skills with a strong attention to detail
- Effective communication skills, both written and verbal
- Ability to work efficiently in a fast-paced, dynamic environment
- Relevant certifications such as CISSP, CISM, CEH, or CompTIA Security+ are preferred
Additional Information
Desirable Skills:
- Experience with regulatory frameworks specific to the industry (e.g., finance, healthcare, government).
- Knowledge of cloud platforms (AWS, Azure, Google Cloud) and their security/compliance requirements.
- Familiarity with tools like GRC (Governance, Risk, Compliance) platforms, vulnerability scanners, and SIEM systems.
This role is critical for organizations aiming to stay ahead of evolving security threats and regulatory requirements, and ensures the integrity, confidentiality, and availability of information assets.
The target base salary for this position ranges from $125,000 to $158,000 annually. Individual compensation for this job requisition will be based on non-discriminatory factors, including your geographic location, skills, experience, education and other factors as they relate to the position requirements. Actual compensation may vary depending on the confirmed job-related skills and experience.
In addition to the expected base compensation, this role is eligible to participate in Sirtex’s incentive programs (target bonus of 10% for this position) and benefit plans, which include paid sick and vacation time, health insurance and a generous 401k matching program.
Do you want to be part of something bigger? A team whose impact stretches across the globe making a real difference to the quality of people’s lives. Sirtex recognizes that well-being, financial health, and work-life balance are crucial for our employees to achieve personal success.
Sirtex offers qualified candidates:
- Diverse and flexible work arrangements to achieve the optimum balance between work and personal responsibilities.
- A culture of respect, diversity, collaboration, and innovation fostering inclusiveness and superior performance.
- Attractive compensation and benefit packages which are practical, robust and equitable.
- A commitment to support ongoing professional growth through career development, on the job experiences and training opportunities.
- Challenging work which supports the development of new and better ways to improve clinical outcomes for oncology treatment around the world.
- An unwavering commitment to company values, employee safety and excellence in everything we do.
Diversity drives innovation; inclusion fosters belonging, growth and success. Sirtex believes that it takes multiple perspectives and voices to create a culture and workplace which fosters engagement, teamwork, and employee satisfaction to perform our best and deliver on commitments. We are dedicated to fostering an environment where all employees feel valued, included, and can share their ideas so that we can exceed even our own expectations.
Sirtex is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other characteristic protected under applicable law. Sirtex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.