Principal Product Compliance Engineer

Company: ID.me
Location: McLean, VA, USA; Mountain View, CA, USA
Salary: $203183 – $255000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • Bachelor's in Computer Science, Bachelor's in Information Security, or equivalent
  • 10+ years of experience in information security or equivalent and 5+ years of experience with delivering automation projects
  • 3-5 years of experience in creating data pipelines to automate internal compliance control measurement using system data and reports, and creating compliance dashboards to monitor implementation status
  • 3-5 years of experience in developing custom scripts to apply logic to test whether custom conditions are met as a means to measure control design and implementation status.

Responsibilities

  • Build control and evidence automation to lessen the compliance burden. Aid in design and implementation of FedRAMP, NIST, and OWASP controls into the product development lifecycle. Ensure that all product features meet the rigorous compliance standards necessary for highly regulated industries.
  • Create security and privacy control focused engineering specifications, user documentation, and other technical artifacts that convey compliant technical implementations. Ensure clarity and accessibility of documentation for both technical and non-technical stakeholders.
  • Create and maintain compliance evidence for internal and external auditors. Develop processes to automate the generation of compliance evidence to streamline audit activities.
  • Stay abreast of developments in regulatory standards and compliance best practices. Recommend and implement improvements to reduce the cost of compliance on teams.
  • Continuously assess risk as part of the product change management process. Prioritize and address potential compliance gaps in collaboration with risk management and security teams.

Preferred Qualifications

  • Working knowledge of compliance regulations, such as NIST, GDPR, and other federal and commercial regulations and compliance programs
  • Experience running program and project management initiatives (e.g. organization-wide initiatives, large scale integration management)
  • Expertise in software development or security engineering with strong skills in at least one programming language.
  • Experience communicating complex concepts and developing communications for a wide variety of both technical and non-technical audiences
  • Experience influencing the design of new and updated products and features to represent security interests and outcomes
  • Demonstrated success collaborating with cross-functional teams to drive results
  • Demonstrated experience orienting towards solutions in the context of competing perspectives
  • Capability to analyze software development processes, identify compliance risks, and propose practical solutions to mitigate these risks while ensuring business objectives are met
  • Experience conducting root cause analysis, developing corrective action plans based on findings, and influencing stakeholders to adopt solutions
  • Experience creating compliance documentation, such as procedures, process flow diagrams, threat models, and risk assessments
  • Demonstrated skills creating team-specific software development guidance to enable secure, rapid delivery of products and services
  • Strong commitment to continuous learning to stay up to date on industry trends, technologies, and best practices
  • CISSP or equivalent
  • Strong technical background, including experience in a variety of software development environments and methodologies
  • Experience architecting GRC, ticketing, or CRM tools
  • Experience building systems and mechanisms to create a data pipeline of information used to monitor control status, and create control measurements used to verify implementation status
  • Experience building mechanisms to detect change conditions to enable the change control process
  • Working knowledge of AI tools