Information Systems Security Compliance Engineer

• The team's role is to ensure that Canonical conducts its business processes in compliance with laws and regulations, internal policies and procedures defined and international standards/best practices. This position is for an individual with the knowledge, drive and personal motivation to help build and grow a strong security & compliance governance framework in a fast-growing tech company, as well as help it achieve/maintain the necessary compliance certifications.
  
• This role can be home or office based. Periodic international travel for training and business meetings is required.
  

Required skills and experience:

• 2+ years of experience within a security and compliance function
  
• Experience developing and maintaining policies, procedures, standards, and guidelines to align with company's strategy and best practices
  
• Experience with security controls implementation, configuration and maintenance
  
• Experience with vulnerability management tooling, remediation, and processes
  
• Experience with coding/scripting in one or more languages (Python, C, C++, Java)
  
• Experience with Linux operating systems (Ubuntu preferred)
  
• Understanding of concepts related to Systems Engineering/DevOps, IaC, IAM, network security, systems security, cryptography
  
• Have a wide understanding of cybersecurity and data protection frameworks such as ISO 27001, NIST, SOC2, PCI-DSS, GDPR, CCPA.
  
• Experience with third party and external audits
  

Valuable experience:

• Bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field
  
• Affinity with Open Source software with regards to compliance
  
• Knowledge of designing and implementing security processes and solutions with topics ranging from architecture, governance, compliance, and operations
  
• Technical or engineering background, including software development, scripting, networking, and cloud architecture
  

• The team's role is to ensure that Canonical conducts its business processes in compliance with laws and regulations, internal policies and procedures defined and international standards/best practices. This position is for an individual with the knowledge, drive and personal motivation to help build and grow a strong security & compliance governance framework in a fast-growing tech company, as well as help it achieve/maintain the necessary compliance certifications.
  
• This role can be home or office based. Periodic international travel for training and business meetings is required.
  

Required skills and experience:

• 2+ years of experience within a security and compliance function
  
• Experience developing and maintaining policies, procedures, standards, and guidelines to align with company's strategy and best practices
  
• Experience with security controls implementation, configuration and maintenance
  
• Experience with vulnerability management tooling, remediation, and processes
  
• Experience with coding/scripting in one or more languages (Python, C, C++, Java)
  
• Experience with Linux operating systems (Ubuntu preferred)
  
• Understanding of concepts related to Systems Engineering/DevOps, IaC, IAM, network security, systems security, cryptography
  
• Have a wide understanding of cybersecurity and data protection frameworks such as ISO 27001, NIST, SOC2, PCI-DSS, GDPR, CCPA.
  
• Experience with third party and external audits
  

Valuable experience:

• Bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field
  
• Affinity with Open Source software with regards to compliance
  
• Knowledge of designing and implementing security processes and solutions with topics ranging from architecture, governance, compliance, and operations
  
• Technical or engineering background, including software development, scripting, networking, and cloud architecture
  

• Collaborate with IT operations, Legal, Security, and Engineering teams to define and implement policies and procedures
  
• Help to design and implement controls to strengthen the company's Security Posture
  
• Collaborate with various teams to ensure security standards are met across all projects
  
• Assess vulnerabilities/risks that could affect the integrity, availability, or confidentiality of data, systems, or services of the company and provide mitigation solutions
  
• Conduct regular audits to ensure compliance with internal policies and procedures, relevant security standards best practices, regulations and client requirements to identify gaps and provide remediation solutions
  
• Ensure controls are configured correctly and integrated into the security strategy
  
• Collaborate with internal teams to respond to Security Questionnaires, Contract Compliance and Security & Compliance posture questions from customers
  
• Provide guidance and support to internal stakeholders regarding security & compliance practices
  
• Collaborate with internal teams to gather evidence for external audits
  
• Participate in the creation and or maintenance of the Information Security Management System
  
• Maintain an up-to-date knowledge on Security standards, best practices and trends to ensure ongoing compliance