Senior Security and Compliance Engineer
Woburn, MA, United States
Full Time Senior-level / Expert USD 125K - 158K
Company Description
Sirtex Medical is a global leader in healthcare, with offices in the U.S., Australia, Germany, and Singapore, dedicated to improving patient outcomes.
Our mission is to be at the forefront of minimally invasive cancer and embolization therapies. By partnering with physicians, we aim to provide innovative products that enhance patient outcomes and simplify treatments. Achieving this ambitious goal requires passionate and talented individuals who are committed to making a difference. Our flagship product, SIR-Spheres® Y-90 resin microspheres, is a targeted radiation therapy for liver cancer. To date, we have delivered over 150K doses across 50+ countries, significantly impacting patients' lives worldwide. Our success is fueled by our dedication to serving the medical community, maintaining professionalism, fostering a collaborative work culture, nurturing an entrepreneurial spirit, and continuously pursuing innovation and improvement.
At Sirtex, we are committed to creating a great workplace. We offer a range of benefits, programs, and services to support our employees, ensuring they have opportunities to contribute to our success and advance their careers. Join our inclusive community, where you can collaborate with talented colleagues, bring your ideas to life, and advance your career, all while delivering innovative healthcare solutions to patients.
Job Description
A Senior Security Compliance Engineer is responsible for ensuring that an organization's information systems and processes meet specific security and regulatory requirements. This role is responsible for maintaining compliance with various laws, regulations, and industry standards, and for helping to identify and mitigate security risks to safeguard company data. The role involves collaboration with various teams to establish, monitor, and enforce security controls.
Key Responsibilities:
- Compliance Management:
- Monitor and enforce compliance with security standards, policies, and regulations such as GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, and others.
- Conduct regular internal audits to ensure adherence to security best practices and regulatory frameworks.
- Assist in preparing for external audits, ensuring necessary documentation and evidence are in place.
- Risk Assessment:
- Assess and evaluate potential security risks in systems, applications, and processes.
- Conduct vulnerability assessments, risk assessments, and gap analyses to identify areas of non-compliance or weaknesses.
- Recommend corrective actions or enhancements to improve security and compliance posture within the Sirtex landscape.
- Security Framework Implementation:
- Develop, implement, and maintain security policies and procedures aligned with industry standards and regulatory requirements.
- Ensure proper implementation of controls (e.g., encryption, authentication) to meet compliance requirements.
- Collaboration:
- Work with the Director of IT and Operations, along with Legal and other relevant teams, to ensure compliance with internal and external security standards.
- Provide guidance on security best practices for internal projects, system deployments, and new product launches.
- Documentation & Reporting:
- Maintain accurate documentation of compliance activities, audits, risk assessments, and findings.
- Prepare reports and presentations for senior management, highlighting compliance status, risk assessments, and recommendations.
- Incident Response:
- Participate in incident response activities related to security breaches, ensuring timely reporting and corrective actions in line with regulatory requirements.
- Assist in maintaining and testing disaster recovery and business continuity plans.
- Training & Awareness:
- Conduct regular training sessions for employees regarding security policies, compliance requirements, and best practices.
- Promote awareness of security issues within the organization and ensure compliance with security practices.
Qualifications
Required Skills and Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field
- 10+ years of experience in information technology, including information security and compliance
- In-depth knowledge of information security frameworks (e.g., ISO 27001, NIST) and compliance standards (e.g., GDPR, HIPAA, PCI DSS)
- Strong experience in risk assessment, security auditing, and penetration testing
- Proficiency in using and managing cybersecurity tools and technologies
- Experience with cloud security in platforms such as AWS, Azure, or GCP
- Scripting skills in languages such as Python or PowerShell
- Familiarity with implementing and maintaining security controls across diverse IT environments
- Understanding of current cybersecurity threats and trends
- Knowledge of data protection and privacy regulations
- Excellent analytical and problem-solving skills with a strong attention to detail
- Large-scale project management skills
- Effective communication skills, both written and verbal
- Ability to work efficiently in a fast-paced, dynamic environment
- Relevant certifications such as CISSP, CISM, CEH, or CompTIA Security+ are preferred
Desirable Skills:
- Experience with regulatory frameworks specific to the industry (e.g., finance, healthcare, government).
- Knowledge of cloud platforms (AWS, Azure, Google Cloud) and their security/compliance requirements.
- Familiarity with tools like GRC (Governance, Risk, Compliance) platforms, vulnerability scanners, and SIEM systems.
This role is critical for organizations aiming to stay ahead of evolving security threats and regulatory requirements, and ensures the integrity, confidentiality, and availability of information assets.
Additional Information
The target base salary range for this position will range from $125,000 to $158,000 annually. Individual compensation for this job requisition will be based on non-discriminatory factors, including your geographic location, skills, experience, education and other factors as they relate to the position requirements. Actual compensation may vary depending on the confirmed job-related skills and experience.
In addition to the expected base compensation, this role is eligible to participate in Sirtex’s incentive programs (target bonus of 10% for this position) and benefit plans, which include paid sick and vacation time, health insurance and a generous 401k matching program.
Do you want to be part of something bigger? A team whose impact stretches across the globe making a real difference to the quality of people’s lives. Sirtex recognizes that well-being, financial health, and work-life balance are crucial for our employees to achieve personal success.
Sirtex offers qualified candidates:
- Diverse and flexible work arrangements to achieve the optimum balance between work and personal responsibilities.
- A culture of respect, diversity, collaboration, and innovation fostering inclusiveness and superior performance.
- Attractive compensation and benefit packages which are practical, robust and equitable.
- A commitment to support ongoing professional growth through career development, on the job experiences and training opportunities.
- Challenging work which supports the development of new and better ways to improve clinical outcomes for oncology treatment around the world.
- An unwavering commitment to company values, employee safety and excellence in everything we do.
Diversity drives innovation; inclusion fosters belonging, growth and success. Sirtex believes that it takes multiple perspectives and voices to create a culture and workplace which fosters engagement, teamwork, and employee satisfaction to perform our best and deliver on commitments. We are dedicated to fostering an environment where all employees feel valued, included, and can share their ideas so that we can exceed even our own expectations.
Sirtex is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other characteristic protected under applicable law. Sirtex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.