Sr. Security Compliance Engineer (remote)

Date:  Jul 30, 2021
Location: remote, MA, US, remote

Company Name: 

EBSCO Information Services (EIS) provides a complete and optimized research solution comprised of e-journals, e-books, and research databases — all combined with the most powerful discovery service to support the information needs and maximize the research experience of our end-users. Headquartered in Ipswich, MA, EIS employs more than 3,300 people worldwide. We are the leader in our field due to our cutting-edge technology, forward-thinking philosophy, and top-notch workforce. EIS, a division of EBSCO Industries Inc., based in Birmingham, AL, is ranked in the top 200 of the nation’s largest, privately held corporations according to Forbes magazine. EBSCO is a company that will motivate you, inspire you, and allow you to grow. We are looking for the best. If you are too, we encourage you to explore our unique opportunities.

Part of the Governance, Risk, and Compliance (GRC) team, the Sr. Security Compliance Engineer will act as subject matter expert and solutions provider for application- and network-layer security and privacy assurance. Providing internal audit and external vendor risk management functions, this position will help govern the secure and private processing of Customer and Partner data. Comfortable working in a fast-paced agile (SAFe) DevOps environment, the ideal candidate excels at quickly understanding complex application and network situations, identifying risks, and providing guidance (and solutions) on how to fix them. The position provides company-wide security oversight and development team assistance, while performing risk assessments on EIS Product/Service offerings and supporting infrastructure. The position also provides direct support to EIS Security/Privacy GRC Analysts for Contract/RFP response, Customer queries, and new/recurring vendor assessments.

 

EBSCO is migrating towards managing AWS Infrastructure as Code, and therefore, previous experience with AWS governance and monitoring tooling is desired to support our go-forward philosophy of AWS Compliance as Code. Previous AWS and scripting experience is desired, but the right candidate will have an opportunity to learn and grow using the latest cloud technologies.

 

Primary Responsibilities

· Coordinate across teams in establishing baseline security requirements for EIS Data Assets and develop/maintain standards that enable security/privacy best practices, emphasizing automated governance solutions for newer Continuous Integration/Continuous Deployment (CI/CD) pipelines and innovative solutions for traditional/legacy technology bases … appropriate skills in both areas desired.

· Develop, maintain, and coordinate the Security Crisis Management Program

· Develop a Business Impact Assessment (BIA) process and implement a Business Continuity Planning (BCP) program.

· Establish a consistent Availability Plan including ensuring execution of backup plan/strategy.

· Devise and maintain security governance controls in legacy technology and cloud-native environments.

· Align and collaborate with Cloud Business Office/Cloud Security Architects/SMEs to maintain and audit cloud service requirements (service models/templates) and/or workflows.

· Audit Cloud Security Posture Management (CSPM) functions, logging, monitoring, and remediation. Audit automation technical environments to ensure secure operations.

· Help identify the top human risks to our organization and key behaviors/constructs/services that we need to change to mitigate those risks.

· Work with external vendors and partners as needed to establish quotes, production schedules, delivery, and implementation of materials.

· Update and participate in regular exercises for Security Incident Response.

· Participate in security incident response and risk mitigation.

 

Role Based Competencies:

· Ability to conduct technical risk assessments and collaborate/communicate in a simple, clear, and concise manner to the various communities within our organization.

· Maintains a deep knowledge of risk mitigation principles and techniques in EIS Technology Stacks.

· Demonstrates understanding and use of basic project management methodologies, including the ability to plan, manage, and maintain a complex, organization-wide long-term program.

· Strong technical writing and interpersonal skills with the ability to communicate effectively verbally.

· Maintains a passion to learn and research technical skills relevant in a highly complex environment.

· Demonstrates resilience and flexibility in a rapidly changing environment to explore different strategies and achieve desired outcomes.

· Possesses a high degree of independence, integrity, and confidentiality; able to independently develop and deliver presentations and respond to questions.

· Highly organized and able to multi-task and manage concurrent deadlines and able to effectively contribute to and lead working groups.

· Comfortable working in cross-functional and multidisciplinary teams.

· Mentors and coaches colleagues and seeks opportunities for continuous improvement.

 

Required Qualifications

· Bachelor’s degree in computer science or engineering related field or equivalent work experience

· Minimum of 5 years IT security engineering experience

· Minimum 3 years experience with microservices architecture

· Minimum 3 years experience working in an Agile SDLC.

 

Preferred Qualifications

· Security Governance Certifications preferred (CISSP, CISM, CISA, CGEIT, CRISC)

· Previous software development/coding experience (Python, Ruby, JSON) preferred

· Previous experience implementing Compliance as Code.

· Scaled Agile Framework for Enterprise (SAFe) certifications a plus.

· Experience in the following areas preferred, but not required: Health Insurance Portability and Accountability Act (HIPAA), Children's Online Privacy Protection Act (COPPA), General Data Protection Regulation (GDPR), Family Educational Rights and Privacy Act (FERPA), FedRAMP, ISO 27001, ISO 27701, and CCPA.

EBSCO Industries, Inc. is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. EBSCO strictly prohibits and does not tolerate discrimination against employees, applicants, or any other covered persons because of race, color, sex (including pregnancy), age, national origin or ancestry, ethnicity, religion, creed, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and termination of employment.

EBSCO complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law.
