- Lead compliance program/project initiatives, audits, and benchmarking of R&D product security policies against best practices and standards, which may include ISO 27001, NIST 800-53, and other NIST special publications.
- Participate in security investigations and compliance reviews of R&D developed products as required by internal or external audit plans.
- Coordinate with stakeholders to ensure all product security related policy exceptions/risk acceptances are managed in accordance with company policies and standards.
- Complete product security risk assessments with emphasis on processes, infrastructure, security, compliance with internal and external regulations, and major company projects.
- Prepare and deliver compliance reports to leadership that effectively communicate trends, highlight relevant findings or risks, and identify remediation recommendations.
- Interpret internal policy and commercial and government regulatory compliance requirements (ISO, FedRAMP, PCI-DSS, etc.) into technical requirement specifications for engineering and operations teams.
- Leverage knowledge of, and experience with, leading-practice controls across hyperscale Cloud Service Providers (coupled with modern software development and delivery) to consult with technical teams and collaboratively identify, evaluate, and recommend architecture designs and solutions that address compliance and control requirements and gaps.
- Collaborate with cross-functional teams (including engineering, product management, sales operations, and finance) to develop business- and risk-appropriate control implementation solutions that meet all required corporate policies.
- Research and communicate the latest product security compliance best practices and updates, staying abreast of new governance initiatives that may impact our customers or business processes.
- Maintain knowledge and understanding of internal systems/business changes, which may impact effectiveness of internal controls.
- Collaborate with project and program management to define and deploy data solutions to proactively identify, evaluate, and monitor potential compliance violations and findings.
- Provide requirements to engineering and DevOps to support incorporating automated compliance tools and processes into the CI/CD pipeline.
- 7-9 years of relevant application security/assurance and/or product security audit experience (with a bias towards control design and implementation).
- Ability to clearly communicate risks, threats, and vulnerabilities identified during assessments to both technical and non-technical audiences.
- Ability to communicate clearly and concisely with internal and external parties, building strong partnerships with partner organizations.
- Hands-on experience with one or more of the following security standards and technical / compliance requirements: ISO 27001, NIST 800-53, FedRAMP Moderate, ITAR.
- In-depth knowledge of PaaS and IaaS security controls and architecture of leading hyperscale Cloud Service Providers.
- Hands-on experience with one or more of the following hyperscale Cloud Service Providers is required: AWS, Azure, or GCP.
- Strong knowledge of infrastructure, database, and application security.
- Proficiency with commonly used SaaS tools, such as JIRA, ServiceNow, O365 apps, etc.
- Experience with SCA, SAST, DAST, and/or penetration testing workflows, tools, and methodologies.
- You're curious, passionate, authentic and accountable. These are our values and influence everything we do.
- Previous experience with delivering security compliance, risk management and IT audit programs at tech companies preferred.
- CISSP, CSSLP, CCSP, CISA, or AWS Security or Azure Security certifications.
- Experience with one or more of FedRAMP High, SOX, PCI, HIPAA, etc.
- Experience with open source license compliance and component management (SBOMs).
- Experience assessing and measuring software process maturity and secure development lifecycles against software security maturity models (SAMM, BSIMM).
- Experience implementing and auditing compliance in CI/CD pipelines.
- Experience with encryption export regulation compliance and cryptography export controls.
- ID: #46206076
- State: North Carolina, Cary 27513, USA
- City: Cary
- Salary: USD TBD
- Job type: Permanent
- Showed: 2022-10-04
- Deadline: 2022-12-01
- Category: Et cetera