Security Compliance Specialist

Boston

Secure Code Warrior

Secure Code Warrior helps developers write more secure code. We are focused on bringing an innovative approach to developer security training. Contact us today.


Cyber security is one of the fastest growing priorities across industries, with over half of developers expecting it to become even more important over the next 12-18 months. 
Here at Secure Code Warrior (SCW), we’re focused on transforming security and compliance from a check-box on the roadmap to an always-on mindset across the DevOps cycle. Our approach focuses on upskilling developers through gamification of learning and integrating with their preferred tool sets, such as GitLab and Atlassian. With SCW, companies are able to differentiate from their competition, and ship code faster and more securely than ever.
Founded in 2015 out of Australia, we are a truly global remote-first company with employees all across the globe including Australia, America, Belgium, England, Iceland and more. Plus, an exciting list of global brands that we’re proud to include as our customers, such as JP Morgan Chase & Co, Zoom, and Atlassian. 
After raising Series B in 2019, from firms such as Goldman Sachs and Cisco Investments, we’re excited to be in the next phase of our growth, focusing on scaling the business to bring secure coding education and developer tools to the world!
Top Employee Benefits:

  • Global Flexible Work Schedule
  • Unlimited Paid Time Off (really, we mean it!)
  • Equity/Share Options
  • Remote/Optional Hybrid (Office space available in some locations)
  • 12 Weeks Gender Neutral Parental Leave

US Employees:

  • Fully Paid Health, Vision, and Dental for Employees and Dependants
  • 401k w/ Match
Security Compliance is a key business function at Secure Code Warrior. Compliance allows our customers to be confident in the security and privacy of our products, while also providing frameworks for well-tuned information security management systems and programs. These standards and frameworks provide clarity to Secure Code Warrior’s internal business teams on how to incorporate security principles in the management of systems, the development of products, and the expansion of our business footprint.
You will join Secure Code Warrior as a member of the wider security team, reporting into the Head of Security, Risk & Privacy, specializing in security compliance. You will be instrumental in helping Secure Code Warrior manage and maintain its compliance with FedRAMP and ISO 27001. In addition, you will help Secure Code Warrior extend its compliance program globally to frameworks such as SOC 1/2 and others that may be required.
This position can be based remotely within the USA.

What will you be doing?

  • Participate in comprehensive assessments of information security policies and procedures against FedRAMP requirements. Assessments may include gap analysis as well as liaison with 3PAOs and Federal Agencies.
  • Ensure FedRAMP requirements are met.
  • Document and audit system architecture for security controls to address requirements. 
  • Identify control deficiencies and make appropriate recommendations.
  • Obtain and maintain evidence for 3PAO and internal audits. Respond to requests from internal teams for documentation on controls.
  • Monitor/audit implementation and operation of Change Management process. 
  • Manage SCW’s ISO 27001 program, including collecting evidence and artifacts to present to auditors and customers.
  • Work cross-functionally with Engineering, Legal, Product, and operational teams to maintain management, technical, and operational controls.
  • Manage SCW’s continuous monitoring program, inclusive of annual assessments and significant changes.
  • Support SCW’s Go-to Market teams and provide expert knowledge to respond to security questions and/or questionnaires.
  • Help guide our overall security policy and governance architecture.
  • Have input and contribute to the overall security compliance strategy and roadmap.
  • Lead the compliance roadmap and help Secure Code Warrior work towards other standards and frameworks as required.
  • Manage Incident Response, Business Continuity and Disaster Recovery Compliance Activities.

What will you bring to the role?

  • 5+ years of relevant work experience, including at least 3 years in a Security Compliance role
  • Demonstrated experience working with and implementing all NIST 800-53 control families and FedRAMP requirements
  • Experience working closely with auditors to articulate technical concepts
  • Experience in auditing of network, operating system, and application security
  • Experience managing an audit throughout the full audit lifecycle
  • Familiarity with additional security standards and frameworks such as ISO 27000 and SOC 2 is highly regarded
  • Ability to work cross-functionally with internal stakeholders and strong communications skills
  • Ability to work efficiently and independently in a fast-paced, high-volume environment
  • Experience working in a SaaS environment preferred but not mandatory
  • One or more compliance certifications, e.g. CRISC, CISM, CISA, CISSP, ISO 27001 Implementer, Architect or Lead Auditor

You're joining us at an exciting stage in our journey, and are key to our future success. You’ll have the opportunity to create impact, deliver on your ideas, and use your spark, experience and expertise to help us live long and prosper.
Warriors have full flexibility. We appreciate that you’ll do your best work when you’re rested and energized. With our business operating globally, there’s no 9-5 grind at Secure Code Warrior. You’re encouraged to work the days, times and in the way that suits you best. We also offer generous leave and work from home options so you can make work work for you.
We’re a tight-knit team that values humility, diversity, giving back to the community and to each other. Giving back is key to being a Warrior, and we do what we can to make the world a little bit brighter as we work to make it more secure.
Diversity. Inclusion. They’re more than just words for us. They’re the hard-and-fast principles guiding how we build our teams, cultivate leaders and create a company where every single person feels safe and celebrated. We have a global, multicultural following, and we want to reflect that inside our walls and ensure people come as they are. We like it that way!

Tags: Application security Audits CISA CISM CISSP Compliance CRISC DevOps FedRAMP Governance Incident response ISO 27000 ISO 27001 Monitoring NIST Privacy SaaS SOC 1 SOC 2 Strategy

Perks/benefits: Career development Equity Flex hours Flex vacation Health care Parental leave Startup environment Unlimited paid time off

Region: North America
Country: United States
Category: Compliance Jobs