Information Security Compliance Engineer III

Remote - PA, United States

Vertex Inc.

Vertex is the leading and most-trusted provider of comprehensive, integrated tax technology solutions, having helped 10,000+ businesses since 1978.


Job Description:

We are seeking a detail-oriented Information Security Compliance Engineer to ensure our organization's enterprise information systems and processes comply with regulatory standards and industry best practices. The ideal candidate will play a pivotal role in conducting security audits, identifying risks, and implementing strategies to maintain compliance and enhance the security posture of enterprise operations.

Key Responsibilities:

  • Conduct regular information security assessments to evaluate system integrity and compliance.
  • Work with Enterprise Risk and Compliance as the technical subject matter expert during audit reviews.
  • Develop and recommend information security policies, procedures, and guidelines in accordance with ISO/IEC 27001 and ISO/IEC 27002 standards.
  • Coordinate with various departments to ensure that security controls are integrated into business processes.
  • Monitor compliance with internal security policies, industry standards, and regulatory requirements.
  • Maintain documentation related to information security compliance, including audit reports, risk assessments, and incident reports.
  • Perform technical risk assessments and identify areas for improvement in infrastructure security systems.
  • Prepare detailed reports on security audit findings and recommendations for management.
  • Assist project teams and information owners in identifying security control objectives and appropriate security controls for protecting company information and assets.

Qualifications:

  • Bachelor’s degree in Information Technology, Computer Science, or a related field.
  • Professional certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional).
  • Strong understanding of regulatory requirements, industry standards, and cybersecurity best practices, particularly ISO/IEC 27001, ISO/IEC 27002, SOC 2, GDPR, and PCI DSS.
  • Minimum of 5 years of experience in IT security audit, compliance, or a related role.
  • Excellent analytical and problem-solving skills.
  • Detail-oriented with strong organizational abilities.

Other Qualifications:

The Winning Way behaviors that all employees need in order to meet the expectations of each other, our customers, and our partners:

  • Communicate with Clarity - Be clear, concise, and actionable. Be relentlessly constructive. Seek and provide meaningful feedback.
  • Act with Urgency - Adopt an agile mentality - frequent iterations, improved speed, resilience. 80/20 rule – better is the enemy of done. Don’t spend hours when minutes are enough.
  • Work with Purpose - Exhibit a “We Can” mindset. Results outweigh effort. Everyone understands how their role contributes. Set aside personal objectives for team results.
  • Drive to Decision - Cut the swirl with defined deadlines and decision points. Be clear on individual accountability and decision authority. Guided by a commitment to and accountability for customer outcomes.
  • Own the Outcome - Defined milestones, commitments, and intended results. Assess your work in context; if you’re unsure, ask. Demonstrate unwavering support for decisions.

Tags: Agile Audits CISA CISSP Compliance Computer Science CRISC GDPR PCI DSS Risk assessment Security assessment SOC SOC 2

Perks/benefits: Flex hours

Regions: Remote/Anywhere North America
Country: United States
