Coordinates and performs security assessment functions, control reporting and activities in accordance with Internal Controls compliance, regulatory and departmental policies and procedures. The Security Compliance Engineer updates and maintains control matrices and spreadsheets and provides recommendations for management’s consideration. This position ensures compliance with internal controls, regulatory and information security policies and procedures. The Security Compliance Engineer works with internal audit and external audit firms to provide supporting documentation as applicable. The Security Compliance Engineer takes a lead role in ensuring the security of all protected information collected, used and maintained.
Responsibilities
Key accountabilities:
Implements security controls that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with objectives.
Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
Implements processes, such as VMP (Vulnerability Management Process), to automate and continuously monitor vulnerabilities, remediation actions, mitigation actions and risks. Develops reporting metrics and dashboards.
Schedules regular assessments of controls and creates reports.
Runs security controls and provides support to all stakeholders on security controls covering internal assets.
Requirements
Core competencies, knowledge and experience:
Written and spoken English
Other widely spoken European languages – written and spoken
Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations
Incident response management
Maintaining confidentiality
Troubleshooting and operating a computer and various software packages
Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions