Information Systems Security Compliance Engineer at Canonical

Description

• The Security Compliance Engineer works in the office of the CISO in the Risk & Compliance team to help Canonical to achieve overall security & compliance goals and relevant certifications, as well as compliance with regulatory frameworks and other relevant standards.
• The team's role is to ensure that Canonical conducts its business processes in compliance with laws and regulations, internal policies and procedures defined and international standards/best practices.
• This position is for an individual with the knowledge, drive and personal motivation to help build and grow a strong security & compliance governance framework in a fast-growing tech company, as well as help it achieve/maintain the necessary compliance certifications.
• This role can be home or office based. Periodic international travel for training and business meetings is required.

Key Responsibilities

• Collaborate with IT operations, Legal, Security, and Engineering teams to define and implement policies and procedures
• Help to design and implement controls to strengthen the company’s Security Posture
• Collaborate with various teams to ensure security standards are met across all projects
• Assess vulnerabilities/risks that could affect the integrity, availability, or confidentiality of data, systems, or services of the company and provide mitigation solutions
• Conduct regular audits to ensure compliance with internal policies and procedures, relevant security standards best practices, regulations and client requirements to identify gaps and provide remediation solutions
• Ensure controls are configured correctly and integrated into the security strategy
• Collaborate with internal teams to respond to Security Questionnaires, Contract  Compliance and Security & Compliance posture questions from customers
• Provide guidance and support to internal stakeholders regarding security & compliance practices
• Collaborate with internal teams to gather evidence for external audits
• Participate in the creation and or maintenance of the Information Security Management System
• Maintain an up-to-date knowledge on Security standards, best practices and trends to ensure ongoing compliance

Qualifications
Valuable experience:

• Bachelor's Degree (or equivalent) in Computer Science, Information Systems, or related field
• Affinity with Open Source software with regards to compliance
• Knowledge of designing and implementing security processes and solutions with topics ranging from architecture, governance, compliance, and operations
• Technical or engineering background, including software development, scripting, networking, and cloud architecture

Required skills and experience:

• 2+ years of experience within a security and compliance function
• Experience developing and maintaining policies, procedures, standards, and guidelines to align with company’s strategy and best practices
• Experience with security controls implementation, configuration and maintenance
• Experience with vulnerability management tooling, remediation, and processes
• Experience with coding/scripting in one or more languages (Python, C, C++, Java)
• Experience with Linux operating systems (Ubuntu preferred)
• Understanding of concepts related to Systems Engineering/DevOps, IaC, IAM, network security, systems security, cryptography
• Have a wide understanding of cybersecurity and data protection frameworks such as ISO 27001, NIST, SOC2, PCI-DSS, GDPR, CCPA.
• Experience with third party and external audits