Information Security Engineer

In this role, you will oversee compliance across security, privacy, legal, and data protection, while fostering a culture of transparency and accountability. This position is ideal for someone passionate about information security and data protection compliance in a tech-centric, SaaS environment.

Responsibilities

• Support and oversee the Information Security Governance, Risk, Compliance, and Privacy operations ensuring alignment with the organization's strategic objectives and regulatory requirements.

• Assist in strengthening the organization's risk management processes by working closely with stakeholders, clients, partners, service providers, and vendors to ensure compliance and security posture.

• Assist in maintaining and executing the organization's data privacy initiatives, ensuring compliance with relevant regulations (e.g., GDPR, CCPA) across operations.

• Work with process and control owners to design and implement information security controls, including the development of policies, procedures, and related documentation.

• Contribute to the establishment and management of a formal Information Security GRC and Privacy Program, and support the creation of a roadmap that aligns with industry standards and compliance needs.

• Partner with Legal, HR, and other departments to support an effective privacy program, helping to sustain organizational compliance and ethical standards.

• Lead risk assessments and support efforts to achieve key certifications and attestations, such as ISO 27001, AICPA SOC 2 Type 2, and others.

• Assist in managing a security awareness training program, contributing to building a strong security culture within the organization.

• Collaborate with sales and customer success teams to address security, compliance, and legal concerns, ensuring client satisfaction while maintaining compliance.

. Ensure compliance with relevant regulations and standards

Minimum 3-5 years of proven experience in areas of Information Security Governance, Risk Management, Compliance and Privacy.

• In-depth knowledge of the tech industry's standards and regulations (experience with SaaS products is a big plus)

• Experience in the implementation of regulatory and compliance frameworks (SOC2, ISO2700x, ITIL, COBIT)

• Familiarity with Cloud Infrastructure technologies.

• Understanding of global data protection laws, standards, and associated frameworks (e.g., GDPR, CCPA)

• Excellent knowledge of reporting procedures and record keeping

• A business acumen partnered with a dedication to legality

• An analytical mind able to "see" the complexities of procedures and regulations

• BSc/BA in information technology, cybersecurity, project management or related field.

• Certifications such as CISSP, CISM, Security+, CIPM, CIPP/E, PMP are desirable.

- Expertise in using and integrating Splunk, ELK Stack, XDR, SIEM, and SOAR platforms.