As a senior compliance engineer, you will be responsible for improving and maintaining our security controls and policies as well as designing new controls where we require them. We are looking for an individual who is passionate about Information Security, has led security compliance and certification efforts in SaaS companies and has proven experience working effectively across various departments within a fast-paced company. You will be self-motivated, articulate and organized in leading internal audits, identifying gaps and effectively putting in place remediation measures to address the gaps. You will report to the Director of Information Security and will work closely with Program Management, Engineering, Operations and the Security team to drive compliance efforts.
- Own the maintenance of security controls for different compliance standards such as SOC 2 and ISO 27001. Periodically review the controls to account for changes in processes, technologies used, services/products offered and the deployment environment. Work with the Program Management, Engineering, Operations and Security teams and the impacted departments to modify existing controls or define new ones and operationalize them.
- Develop compliance strategy in alignment with business requirements, objectives and metrics.
- Perform internal audits monthly or quarterly depending on the priority of the control group, assess gaps and work with external consultants and stakeholders to address them.
- Raise compliance tickets for various departments such as Operations, Support and IT to generate and review access lists for key systems.
- Ensure that the security controls are always operating effectively in the organization.
- Co-own the audit calendar with Program Management, prepare evidence for audit periodically and work with external auditors during assessments.
- Maintain compliance documents such as the controls, evidence collected and the audit reports in an organized fashion.
- Be the point of contact for the organization to answer questions on compliance as well as to share audit reports with customers and prospects under NDA.
- Perform vendor risk assessments annually for existing vendors, identify gaps if any and work with the stakeholders and the vendor on next steps. Perform risk assessments for new vendors during evaluation/onboarding.
- Respond to RFPs from Sales and assessment questionnaires from Support/Customer Success teams.
- Assist with rollout and tracking of security awareness training within the company.
- Lead privacy initiatives.
- Help build a culture of security within the company.
- Bachelor’s degree, with relevant on-the-job technical experience.
- Minimum 5 years of compliance experience with SOC 2 or ISO 27001/27018. Experience with HIPAA, FedRAMP, PCI or GDPR is a plus.
- 4+ years’ experience in a security function at a cloud service or software company.
- Prior experience helping an organization achieve and maintain compliance certifications such as SOC 2 or ISO 27001 is a must. Use of tools to help with compliance efforts will be a plus.
- Good communication skills with the ability to work with a disparate set of stakeholders – HR, Engineering, Operations, Support, etc. inside a company, and auditors, customers, vendors, partners outside the company.
- Good understanding of Information Security principles, and the ability to relate compliance controls to those principles and articulate the relevance of controls to stakeholders.
- Ability to maintain a flexible work schedule to enable interactions across multiple time zones with remote teams is a plus.
Why Blue Jeans is THE PLACE to be?
At BlueJeans, we’re transforming the way people meet by creating a human connection in every experience. Together, we’re bringing video to everyone, regardless of location or device, including mobile, desktop, or room systems. We work with thousands of companies worldwide to upgrade everyday meetings, large-scale events, and social network broadcasts by replacing traditional web conferencing with face-to-face video communication.
All our customers have one trait in common: they understand the benefits of bringing their employees, leaders, and partners closer together. Since 2009, we have raised $175M in funding led by Accel Partners, Battery Ventures, NEA, and Norwest Venture Partners, and have been ranked on the Forbes Cloud 100 list two years running.