Security and Compliance Engineer

 

We are seeking an experienced Security and Compliance Engineer to join our team and play a crucial role in safeguarding our SaaS platform, its supporting infrastructure, and the wider organization. The ideal candidate will have a solid foundation in adhering to regulatory and industry standards and collaborating across departments to establish and maintain effective security controls. By working closely with security, engineering, and product teams, this role will be instrumental in developing and maintaining security measures that contribute to the overall security and compliance of our services and organization. Note: while this is a remote-first role, we are prioritizing talent within New York City Metro Area, San Francisco Bay Area, or Greater Seattle for this position.

 

• Compliance Management: Maintain compliance with relevant industry regulations and standards such as SOC2, ISO, GDPR, NIST, etc.
  
• Audits and Assessments: Conduct routine internal audits to identify and address potential compliance gaps and status of the organization's security controls. Provide evidence collection and primary support for annual external audits. 
  
• Risk Assessment & Mitigation: Conduct regular risk assessments and participate in risk assessment exercises to evaluate and track current risk within the organization. Work closely with teams to mitigate and/or reduce the likelihood or impact of risks.
  
• Incident Response: Assist in the development of incident response plans and engage in incident response/disaster recovery exercises ensuring response activities align with relevant regulations and standards.
  
• Vendor Management: Assess and manage third-party vendor risks, ensuring compliance with our security and data protection standards.
  
• Continuous Improvement: Continually review evolving regulatory landscapes and industry best practices pertaining to information security and privacy and proactively identify areas for improvement within our compliance program.
  
• Education and Training: Foster a culture of security and compliance awareness through education and training to the greater organization.
  
• Communication and Trust: Address customer security concerns and inquiries, providing timely and transparent communication ensuring confidence in the security of our services.
  
• Collaboration: Work closely with cross-functional teams such as security and engineering, application, and support teams to ensure communication of compliance initiatives relevant to organization.
  
• Mission and Vision: Contribute your expertise to defining a long-term vision for securely improving and scaling our product.

• You possess mid level experience ensuring compliance with industry relevant standards and regulations.
• You have a strong working knowledge of national and regional information security standards, frameworks, and guidelines (e.g. NIST, SOC, ISO, GDPR, BDSG, etc).
• You are experienced within the SaaS industry and technologies utilized across major cloud providers.
• You thrive working in a collaborative environment, with a team that communicates well and ensures they’re delivering on each other’s needs. You add positive energy to the team, and make your coworkers feel included in every interaction.
• You have experience creating and implementing secure technology policies, training, and strategies.
• You are comfortable identifying and implementing various technologies used to improve the company's security posture.
• You are proficient in your ability to take initiative and perform skills independently or with limited guidance.
• You display flexibility to work on different projects in order to expand your knowledge within both the security and compliance domains.
• Required: Must be within New York City Metro Area, San Francisco Bay Area, or Greater Seattle. Relocation is not offered.

• 💰 Competitive Compensation. For this role our base salary is targeted at $107K - $125K per year. Final offer amounts are determined by factors such as experience and expertise.
• 💸  Additional Incentive. This role participates in our annual performance bonus as well. 
• 🏆  Syndio Equity. So you can share in Syndio’s success.
• 🏝  Flexible Vacation Policy. We encourage our team to recharge when they need to.
• 🐣 Up to 12 weeks of paid parental leave
• 🩺  Medical, Dental, Vision. Syndio pays 90% of employee premiums, and 50% for dependents.
• 🏥  Life Insurance & Disability. Syndio covers the full premium.
• 🏦 401(k). To help you save for your future.
• 📍Remote-First with opportunities for in-person connection.

• Within 1 month, you’ll understand the current state of compliance and our compliance processes.
• Within 3 months, you’ll play a role in small improvements and projects to improve our security posture while maintaining compliance.
• Within 6 months, you’ll have autonomy, leading efforts and collaborating on projects to increase the organization's overall security through internal audits, learning sessions, and leading informative sessions with various teams.
• Within 12 months, you’ll be celebrating with the team on your growth thus far and gearing up for our annual external audits.

The interview overview

Below is an outline of the interview plan for our Security and Compliance Engineer position. Please note that this is what we expect the process to look like; we may ask you for supplemental information or require an additional step before making a final decision.

1. 30-minute interview with a member of our Talent Team
2. 45-minute Zoom interview with an Engineering Manager
3. Three video interviews with several team members - 30min each