Key skills
Risk ManagementCommunication
About this role
Role Overview
- Ensure Entrusts Public Key Infrastructure Certificate Authority (PKI CA) products meet applicable compliance frameworks, customer contractual requirements, and emerging standards across multiple communities of trust.
- Provide support as needed to ensure that other DSS products remain in compliance with the applicable frameworks, regulatory requirements and customer contractual requirements for each.
- Escalate compliance issues that arise in production service environments to the Entrust Policy Management Authority (EPMA) while maintaining on-going ownership of the issues and supporting PA/EPMA direction through issue resolution.
- Facilitate external auditor engagements, organize required compliance evidence, schedule required resources, submit required reports, and manage audit timelines.
- Closely monitor and advise product and development teams on regulatory priorities and emerging PKI use cases from multiple communities of trust (e.g., financial services, healthcare, government).
- Feedback and monitor requirements and/or requirements change for each community of trust to the internal teams, ensuring alignment with Entrust’s compliance strategy.
- Represent Entrust and take the lead on standards body engagement, as directed.
- Make recommendations and follow-up to mitigate compliance risks and drive continuous improvement.
- Oversee and drive the end-to-end operational security compliance and audit programs for WTCA and other applicable frameworks.
- Review and make recommendations on operational procedures to ensure they efficiently and effectively comply with all relevant requirements.
- Contribute applicable metrics to product compliance scorecards.
- Facilitate timely identification, communication, and recommended resolution of compliance risks.
- Serve as the internal and customer-facing subject matter expert on compliance frameworks (including WTCA and others).
- Advise customers and internal stakeholders on best practices, compliance, and audit processes across multiple standards.
Requirements
- Associate or bachelor’s Degree
- 5+ years of security compliance or audit experience with various compliance frameworks (e.g., WTCA, Netsec)
- Strong Governance, Risk Management and Compliance process experience
- Ability to work cross functionally with leaders and team members across time zones and continents
- Experience with internal controls, risk assessments, business processes and internal IT control testing or operational auditing
- Excellent writing, analytical and problem-solving skills
- Security clearance or ability to obtain a security clearance (preferred)
- Prior experience with one or more of the following frameworks: NIST, FedRAMP, ISO, SOC 2, A-SIT, Common Criteria, DORA, eIDAS, ETSI, and NIAP (preferred)
Benefits
- Comprehensive benefits
- Vacation
- Paid time off
- Paid holidays