Compliance Engineer
| Company | Uvcyber |
|---|---|
| Location | United States |
| Salary | $115000 – $145000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior |

Requirements
- Bachelor’s Degree in Computer Science or related field
- 5+ years of experience in GRC and/or IT audit-related projects
- Advanced knowledge of NIST 800, FedRAMP, FISMA, ISO 27001, and other related industry standards
- 3+ years of experience with IT controls, best practices, and procedures
- Experience with cloud-hosted, on-prem, and hybrid application deployment
- Ability to create and interpret implementation-specific documentation such as Operational Viewpoint (OV), Systems Viewpoint (SV), and data flow diagrams
- Experience validating Identity and Access Management (IAM) architectures in enterprise Zero Trust environments
- Working knowledge of Zero Trust best practices per NIST and CISA
- Experience working with SASE and Zero Trust solutions from vendors including, but not limited to, Cisco, Cloudflare, Palo Alto, Microsoft, Netskope, and Zscaler
- An understanding of SD-Access, SD-WAN, CASB, SWG, MFA, FWaaS, ZTNA
- Strong communication and collaboration skills
Responsibilities
- Advises on compliance, audit and/or security requirements in association with applicable standards/regulations and/or best practices, including NIST and FISMA
- Supports multiple audiences (of varying technical proficiency) in developing and following appropriate security and privacy controls around IT operations
- Acts as a point of contact for external assessments related to achieving required certifications and customer contractual requirements
- Assists with internal risk assessment, audits, and benchmarking of security policies against regulations and standards across multiple business segments and products
- Operates as an internal consultant, researching and recommending changes to enhance or streamline quality and information security procedures, including internal and external auditing
- Reviews hosting, security, and audit contract terms and ensures compliance with current policies and processes
- Assists with oversight to help maintain governance functions, including security policy and process development and updates
- Interfaces with external auditors to discuss security or IT hosting operations-related concerns during audits and collect and defend relevant evidence
- Coordinates responses to RFP and security questionnaires
- Follows established processes and procedures to ensure compliance with the policy
- Maintains multiple complex programs with little supervision, escalating issues as appropriate
- Communicates regularly with GRC, IT, and PM teams
Preferred Qualifications
- Certifications such as CISSP, CISM, CCZT, GDSA, GSEC, and ZTCA are a plus