Security Compliance Engineer
Emeryville, CA

Job Description

The Security Compliance Engineer is responsible for supporting and facilitating Innovative's Information Security Management System (ISMS) Program in alignment with business goals and corporate objectives. The job duties will span a wide range of security, IT and compliance requirements for a global software development organization. This position will assist the Senior Security Compliance Engineer, the Information Security Management Team and the IT department by supporting the day-to-day activities of the program and work closely with relevant stakeholders to ensure industry standards and secure best practices are met.

DUTIES AND RESPONSIBILITIES

Essential Functions:

* Functions as a subject matter expert in a wide variety of information security areas while specializing in internal compliance and external standards.
* Assists in the development, implementation and maintenance of information security policy requirements, standards and guidelines, operation procedures and controls.
* Supports and assists the company's Information Security Management System (ISMS), third-party audits and compliance activities including but not limited to ISO 27001, ISO 27018, SOC2, EU-US Privacy Shield, General Data Protection Legislation (GDPR), FedRAMP, etc.
* Supports security initiatives with engineering and development organizations and works with product managers to identify, prioritize, and drive security goals and objectives throughout the business. Ensures software development activities meet internal security policies as well as industry-level standards including Secure Software Development Lifecycle, OWASP Top 10 and SANS Top 25 development requirements, etc.
* Assists and supports security related reports and KPIs as needed by executive and upper management, drives deliverables, and communicates to stakeholders effectively.
* Assists in risk and management activities including risk assessments, risk reviews and risk reporting, completing customer (or potential customer) risk assessments.
* Assists in vendor management activities including privacy impact assessments, vendor onboarding/offboarding, etc.
* Assists in security incident investigation and remediation as well as disaster recovery initiatives.
* Assists in annual security and compliance activities including security awareness and training, penetration testing, vulnerability scanning, vulnerability remediation, etc.
* Supports the Senior Security Compliance Engineer in support of business and compliance activities.
* Supports and assists the business throughout the entire sales process including requests for information, requests for purchase, customer-related vendor questionnaires, security questionnaires, etc.

EXPERIENCE AND QUALIFICATIONS

Required

Education, Licenses, and Certifications:

* Bachelor's degree in computer science, computer engineering and/or security.
* CISSP Certification, or if necessary other applicable industry certification (CompTIA, CISA, CISM) in combination with work experience.

Experience:

* Minimum 3 years supporting information security operations and information security related activities in a global medium-sized company.
* Experience with secure software and web application development methodologies such as Agile, OWASP Top 10, SANS Top 25, etc.
* Experience with security-related technologies including security incident and event management (SIEM) software, network penetration testing technologies, antivirus, IDS/IPS, firewalls, spam filters, etc.
* Experience with and knowledge of security standards and government regulations including but not limited to ISO/IEC, SOC2, NIST, EU-US Privacy Shield, GDPR, California Consumer Privacy Act (CCPA), FedRAMP, FERPA.
* Solid technical background with understanding and/or hands-on experience in cloud and hosted environments and IT infrastructure technologies.

Critical Knowledge, Skills, and Abilities Requirements:

* Strong working knowledge of Microsoft Office and Wiki information delivery systems.
* Excellent verbal and written communication skills.
* Solid organizational skills including attention to detail and multi-tasking skills.

Preferred

* Familiarity with coding languages such as Java and JavaScript.
* Familiarity with database technologies such as PostgreSQL, Elasticsearch, etc.

ADDITIONAL REQUIREMENTS OR INFORMATION

* Although duties are typically performed during normal business hours, occasional off-hours work may be required to meet customer and/or business needs.
* The above statements are intended to describe the general nature and level of work being performed by most people assigned to this job. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. Nothing in this job description restricts management's rights to assign or re-assign duties and responsibilities to this job at any time.

Innovative Interfaces is an Equal Opportunity and Affirmative Action employer. It provides equal employment opportunities to all employees and applicants for employment without regard to race, color, sex, national origin, age, religion, disability, or any other legally protected status and takes affirmative action to recruit, employ, train, and promote qualified minorities, women, covered veterans, and individuals with disabilities.
