interop.io

Lead Security and Compliance Engineer

full-time

Origin: 🇧🇬 Bulgaria

Job Level

Senior

Tech Stack

AWS, Azure, Cloud, SDLC

About the role

  • Lead the design, implementation, and continuous improvement of the company’s information security and compliance programs
  • Maintain and manage the company’s annual SOC 2 Type II audit lifecycle; prepare for potential future audits such as ISO 27001
  • Define and maintain information security policies, standards, and practices across the organization
  • Act as the security and compliance subject matter expert in pre-sales and customer discussions, helping to build trust and influence client decisions
  • Partner closely with product, engineering, support, and sales teams to integrate secure development and operational practices
  • Identify security risks, drive remediation efforts, and maintain a comprehensive risk management program
  • Evaluate, implement, and manage security tools and processes, ensuring alignment with business objectives and compliance requirements
  • Report on security posture, metrics, and audit readiness to executive leadership and customers
  • Coordinate and influence engineers and other staff across business units to achieve compliance and security objectives, despite not having direct reporting lines

Requirements

  • 7+ years of experience in information security, with a strong focus on compliance and risk management in the technology or fintech sectors
  • Proven experience leading security programs and compliance efforts (e.g., SOC 2, ISO 27001, GDPR, etc.)
  • Strong technical understanding of modern software development practices, DevOps, cloud infrastructure (e.g., AWS, Azure), and SaaS operations
  • Exceptional written and verbal communication skills, with the ability to convey complex security topics to non-technical stakeholders and influence sales outcomes
  • Experience engaging with external auditors, regulators, and enterprise customers
  • Comfortable working independently in a fast-paced, resource-constrained environment
  • Adept at building cross-functional relationships and leading through influence
  • Familiarity with security tools such as identity and access management, vulnerability scanners, endpoint protection, and secure SDLC processes