Job Title: Cyber Security Compliance Engineer
Location: San Jose, CA
Description:
Security Compliance Engineer - AWF
The Global Information Security team is responsible for driving security compliance activities for client payment gateway, Marketplaces, Corporate IT, and adjacent businesses. The Security Compliance Analyst will play a critical role working directly with business leaders to understand security compliance issues, lead technical compliance assessments and mitigation efforts, and develop effective remediation programs and actions to resolve compliance issues.
Key Responsibilities
- Ability to provide pragmatic guidance to business leaders and stakeholders that effectively balances security compliance risks with the needs of the business.
- Contribute to the growing information security and compliance program at client, including performing security compliance audits, identifying problems and areas for process improvement
- Work closely with internal business units and relevant departments to assess compliance and where necessary, provide support in remediating non-compliant areas
- Have a deep understanding of security controls, underlying business processes, concepts, practices, and tools used to promote adoption of applicable security standards
- Advise management on specific security requirements, implementations and the impact on business processes, applications and systems as needed
- Generate periodic reports to teams and senior stakeholders and make practical recommendations to improve security practices
- Research and extract insights from industry standards and trends, apply them to the scope of internal controls and improve security practices and compliance in the company
- Facilitate organizational adoption of new security controls, standards and best practices through thoughtful change management strategies
- Document security/technology control requirements and develop methods to meet new cyber security and compliance needs and requirements as needed.
- Coordinate compliance and audit activities with other groups.
Requirements
- 10+ years of security and compliance experience. Experience in eCommerce, Payments, or Technology space a plus
- Experience with/understanding of PCI DSS, SOC 2, ISO 27001, NIST and/or other industry standard control frameworks.
- Experience with managing third party audits including working with internal teams to collect evidence to be used in an audit.
- Strong technical understanding of security compliance requirements and solutions, as well as threats and challenges impacting the protection of information across an extended global enterprise.
- Possess general knowledge of networking, encryption, authentication, payment infrastructure, cloud infrastructure and application security
- Capable of flexing between high level strategic concepts & frameworks to tactical operational implementation
- Self-starter with a bias towards action and can thrive in a fast-paced and ambiguous environment
- Exceptional communication skills including clear and concise writing, an engaging presentation style, and group facilitation
- Strong teamwork skills with a demonstrated ability to collaborate across teams and roles