Sr Compliance Engineer

Miami, Florida

Vaco Technology
Job Expired - Click here to search for similar jobs
Sr. Compliance Engineer-Enterprise SaaS, Trust & Compliance Team

Summary:
Vaco Staffing is conducting a search on behalf of a SaaS software organization in need of a Sr. Compliance Engineer with a background in policy writing, procedural documentation, and audit program management.

Project Details:

  • This is a 3-4-month contract position that is very likely to extend and has a chance to convert, though conversion is not guaranteed. The pay rate is 65/hr. W2, with some flexibility (within reason for the right candidate).

  • The position is 100% remote.

  • Must be willing to work on Vaco W2 directly; no C2C, third-party inquiries, or 1099 candidates.

  • Unable to sponsor now, unable to sponsor in future.

  • Background Checks will be included in the process.



The role of a Sr. Compliance Engineer is to work with our Trust and Compliance team to:

  • Drive security compliance efforts from the beginning to the end by maintaining a positive relationship with both internal and external stakeholders.

  • Maintain compliance documentation, including audit evidence, controls, and vendor security reviews.

  • Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks (PCI, SOC, ISO 27XXX, HIPAA, GDPR, etc.).

  • Monitor the performance of the compliance program through the development and maintenance of automated systems.

  • Work with cross-functional teams to identify risks and gaps in our compliance controls and facilitate remediation across our products and infrastructure.

  • Assist with completing security questionnaires from customers and answering customer questions with respect to compliance; work with the internals team to create customer collateral to educate internal staff and aid in the sales process.

  • Assist with requesting/reviewing security questionnaires/contracts from vendors and identify security risks and gaps in the compliance controls to aid in the procurement process.

  • Develop automations of risk management, control execution, and monitoring.



WHAT YOU'LL NEED TO BE SUCCESSFUL

  • 5+ years of experience with a demonstrated track record of success in the GRC, internal audit, security, and/or privacy space.

  • Knowledge of various compliance frameworks (PCI, SOC2, ISO 27001, ISO 27018, HIPAA, GDPR, etc.)

  • Strong experience with scripting languages such as Ruby, Python, Unix shell, bash, etc.

  • Functional knowledge of multiple security domains and information security industry standards and best practices

  • Experience leading 3rd party risk management programs, including responding to customer security questionnaires, interacting directly with customer sales and security teams, and reviewing vendor security.

  • Solid experience managing compliance initiatives for cloud platforms and interacting with external auditors.

  • Strong project management skills

  • Strong written and verbal communication skills


NICE TO HAVEs

  • A mix of experiences at a Big Four (or similar) audit or consulting firm and at an in-house governance, risk, and compliance function at a SaaS company

  • Industry-recognized certification in security (ISO 27001 LA / LI) or a desire to pursue CISSP, CISA, CISM, CCSK, etc. in 6 months.

  • Experience working in an international / global organization.

Date Posted: 09 May 2024