Senior Information Security Compliance Engineer
Overview
Senior Information Security Compliance Engineer is responsible for implementing and managing the organization’s security compliance initiatives to ensure consistency to regulatory requirements, internal policies, and industry standards. This role will work closely with multi-functional teams, including security operations, risk management, IT, legal, and audit, to ensure that security controls are effectively implemented, supervised, and continuously improved.
Responsibilities
-
Carry out regular security assessments and audits in collaboration with the security architect.
-
Supervise compliance across various IoT products and cloud platforms.
-
Coordinate internal and external audits and remediation tracking.
-
Lead and support frameworks including NIST 800-53, ISO 27001, FedRAMP, GDPR, EU CRA.
-
Implement and validate security policies, standards, and procedures in alignment with compliance obligations.
-
Support risk assessments by identifying gaps in security controls and proposing remediation plans.
-
Maintain and improve the cybersecurity policy framework.
-
Evaluate and recommend tools for control automation and monitoring.
-
Collaborate with various platform teams to ensure technical security controls meet compliance requirements.
-
Participate in vendor and third-party risk assessments.
-
Continuously supervise security compliance metrics and key performance indicators (KPIs) for specific product families.
Qualifications
-
Bachelor's Degree in Information Security and Assurance, Computer Science, Cybersecurity or related field required.
-
Master's Degree in Information Security and Assurance, Computer Science, Cybersecurity or related field preferred.
-
Minimum 5+ years of extensive all-round experience in the field of Cybersecurity with expertise in security compliance and audit.
-
Knowledge of common information security management frameworks, such as ISO/IEC 27001 or related and NIST Cybersecurity Framework (NIST CSF).
-
Familiarity with identity and access management (IAM), endpoint protection, SIEM, and vulnerability management systems.
-
Proven experience in information security, particularly within auditing, compliance and risk management.
-
Strong communication and interpersonal skills, including executive communication to senior leadership with focus towards building bridges with key collaborators.
-
Strong critical thinking and problem-solving skills to resolve problems effectively and creatively while maintaining a high level of flexibility, professionalism, and integrity.
-
Experience with cloud security, encryption technologies, and network security protocols preferred.
Experience
-
Security compliance and audit experience.
-
Experience with cloud and infrastructure security controls.
-
Auditing/Assurance experience.
-
Risk assessment and remediation planning.
-
Analytical thinker with strong problem-solving skills.
-
Detail-oriented with a strong focus on accuracy and the ability to manage multiple priorities.
-
Strong understanding of policy and procedure development and implementation.
Preferred Certifications
-
CISSP (Certified Information Systems Security Professional)
-
CISM (Certified Information Security Manager)
-
CISA (Certified Information Systems Auditor)
-
CRISC (Certified in Risk and Information Systems Control)
-
Cloud (AWS or Azure)
Pay and Benefits
The annual pay range for this position is $93,500 - $151,000, which consists of base salary (subject to performance), reflecting the hiring range for candidates. An individual’s offer may vary from this range as it may be impacted by additional factors, including but not limited to the candidate's hiring location, qualifications, experience, and market factors. Crestron Electronics offers a competitive total compensation package including Medical, Dental, Vision, Life Insurance, Short Term Disability, 401K with company match, Paid Time Off, Holidays, On-site Amenities at NJ Headquarters & TX Facilities, Crestron Market Cafes, and Fitness Centers.