Senior IT Security Compliance Engineer

The Senior IT Security Compliance Engineer is responsible for developing, maintaining, and advancing the organization’s security compliance posture. This role leads security audits, manages compliance frameworks, and ensures the effectiveness of security controls across the organization. The position works closely with cross‑functional stakeholders to support regulatory requirements, customer security inquiries, and continuous security improvements in a SaaS/cloud-based environment.

Key Responsibilities

• Develop, review, and maintain IT security policies, standards, procedures, and guidelines in alignment with industry best practices and regulatory requirements.
• Lead and coordinate compliance initiatives for security frameworks and standards, including but not limited to ISO 27001, SOC 2, CMMC, NIST, and internal security assessments.
• Manage audit readiness activities, including documentation preparation, evidence collection, stakeholder coordination, and remediation tracking for internal and external audits.
• Respond to customer and partner security questionnaires, ensuring accurate, consistent, and timely responses.
• Conduct periodic security and risk assessments to evaluate the effectiveness of security controls and identify improvement opportunities.
• Track, manage, and follow up on vulnerability remediation efforts in collaboration with IT, engineering, and operations teams.
• Prepare and deliver security metrics, compliance reports, and executive-level summaries.
• Provide security awareness, training, and education to employees to promote a strong security culture across the organization.
• Support continuous improvement of governance, risk, and compliance (GRC) processes and tooling.

Requirements and Qualifications

• Strong knowledge of information security principles, risk management, and compliance frameworks, with a solid understanding of ISO 27001 requirements and controls.
• Hands-on experience supporting audits and compliance programs for frameworks such as ISO 27001, SOC 2, CMMC, NIST, or similar.
• GRC-related certification (e.g., CISSP, CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor) is preferred.
• Experience working in SaaS or technology-driven environments is highly desirable.
• Familiarity with cloud computing platforms and cloud security principles.
• Excellent written and verbal communication skills, with proven ability to produce clear, high-quality security documentation and reports.
• Minimum of 5 years of professional experience in cybersecurity, information security, or compliance-related roles.
• Bachelor’s degree in Computer Engineering, Computer Science, Information Security, or a related field.