New Charter Technologies

Compliance Specialist

full-time

Origin: 🇺🇸 United States • Colorado, Montana, Vermont, Wyoming

Salary

💰 $150,000 per year

Job Level

Mid-Level, Senior

About the role

  • Compliance & Regulatory Oversight: Ensure adherence to regulatory and industry standards relevant to clients (e.g., HIPAA, PCI-DSS, SOC 2, CMMC, GDPR, NIST CSF, ISO 27001).
  • Policy & Documentation: Develop, implement, and maintain security compliance policies, standards, and procedures for both internal operations and client environments.
  • Risk & Incident Management: Partner with security and service delivery teams to identify, assess, and mitigate compliance risks.
  • Global Privacy Program: Design, implement, and manage a global privacy program that ensures compliance with data protection laws and regulations (e.g., GDPR, CCPA, HIPAA, PIPEDA, LGPD).
  • Mergers & Acquisitions Oversight: Lead security and compliance due diligence activities during M&A processes.
  • Third-Party Vendor Risk Management: Establish and maintain a third-party vendor risk management program.

Requirements

  • Bachelor’s degree in Information Security, IT Management, Business, Law, or related field (or equivalent experience).
  • 5+ years of experience in security compliance, privacy, or risk management, ideally within an MSP, SaaS, or multi-client environment.
  • In-depth knowledge of global data privacy regulations (GDPR, CCPA, HIPAA, etc.).
  • Experience with M&A due diligence and post-acquisition integration.
  • Strong background in third-party/vendor risk management.
  • Familiarity with common security frameworks (ISO 27001, NIST CSF, SOC 2, PCI-DSS, CMMC).
  • Excellent written and verbal communication skills, including the ability to explain compliance requirements to technical and non-technical audiences.
  • Relevant certifications (e.g., CIPP/E, CIPM, CISA, CISM, CISSP, ISO 27001 Lead Auditor) strongly preferred.