BRG is a health technology company that focuses on innovative solutions for drug discount data exchange. They are seeking a motivated Security Engineer (Compliance) to join their Security team, responsible for managing compliance frameworks and supporting risk management programs.
Responsibilities:
- Own, manage, and support the application of key compliance frameworks (SOC 1 and 2, ISO 27001, CSA STAR, NIST CSF, etc.)
- Develop, control, and maintain applicable organizational policies, procedures, best practices, and guides associated with key compliance requirements and in support of annual audits
- Assist in the development and implementation of an internal audit program designed to:
  - Measure the effectiveness of organizational processes and procedures
  - Assess organizational adherence to those processes and procedures
  - Identify opportunities for organizational and systemic process improvement; and
  - Alert the organization about emerging risks to the comprehensive compliance program
- Support the Risk Management Program with a goal of making risk-based decisions an integrated part of the cultural landscape, including:
  - Risk identification
  - Risk mitigation
  - Risk monitoring
  - Risk reporting; and
  - Documentation of risk realization and/or retirement
- Work closely with the Security Operations (SecOps) team to ensure security functions meet operational compliance requirements and will meet/exceed independent annual audit standards
- Ensure technical, operational, and administrative controls are fully operable and meet standards necessary for SOC 1 and 2 audits
- Support Quarterly Access Reviews (QARs) as part of the larger User Access Request process
Requirements:
- 5+ years of proven work experience as a System or Information Security Engineer, Compliance Engineer, or Risk Engineer
- Detailed technical knowledge of compliance frameworks and their application across systems and organizations
- Thorough understanding of the latest security principles, techniques, and protocols
- Problem solving skills and ability to work under pressure
- Experience with compliance frameworks (e.g., SOC 1 and 2, ISO 27001, CSA STAR, NIST CSF)
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and network/web related protocols
- Experience with cloud services (Microsoft 365, SharePoint Online, Microsoft Azure, and Amazon Web Services)
- Operational understanding of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, and content
- Ideal candidates will have a strong risk background that includes: risk identification, adjudication, and mitigation development experience; experience working with engineering teams to document, plan, and address identified risk items; documentation and communication of identified risks to organizational leadership (up to and including the Executive Leadership Team, or ELT); regular review and maintenance of residual risk items; and ownership of risks and the applicable risk lifecycle through risk identification, adjudication, mitigation/reduction, avoidance, transference, realization, and retirement
- Candidate must be able to submit verification of his/her legal right to work in the U.S., without company sponsorship