Senior Security Compliance Engineer
Bengaluru
ObserveAI
With Observe.AI, contact centers can act faster with real-time insights and guidance to improve performance, from more sales to higher retention. Observe.AI is trusted by hundreds of customers and partners, including Pearson, Accolade, Group 1 Automotive, Southeast Trans, and Public Storage. Our recent $125 million Series C led by Softbank Vision Fund 2 with participation from Zoom Video Communications, Inc., brings our total funding to date to $213M, with investments from Menlo Ventures, Next47, NGP Capital, Emergent Ventures, Scale Ventures, Nexus Ventures, and Y-Combinator. For more information, visit www.observe.ai.
The Opportunity:
We're looking for a hands-on compliance security engineer to play a key role in building Observe.AI’s Information Security Program. As an early member of the Observe.AI Information Security team, you'll play an impactful role in the security program’s priorities and direction. We work across company security challenges while ensuring that business requirements and partnerships with the AI/ML, engineering, DevSecOps, and other teams remain front of mind.
At Observe.AI, you are expected to be hands-on and craft scalable solutions for multiplex problems. You will develop and scale the Governance, Risk, and Compliance capabilities, perform security assessments, prioritize security risks, and develop key security compliance metrics and KPIs. We as a team implement high-quality data-driven security engineering solutions.
What You Will Do as a Senior Security Compliance Engineer:
- Conduct Compliance Risk Assessments / Compliance Impact Assessments (CIA) of cloud-based applications against all control domains (NIST or similar)
- Analyze project documentation like architecture diagrams and conduct interviews to perform risk and gap assessment
- Determine the impact of new projects/changes on the security & compliance posture of the organization.
- Conduct compliance assessments for complex systems including AI systems and identify and assess correlated risks
- Provide compliance and control requirements to new projects
- Provide compliant implementation standards/best practices to achieve control requirements
- Integrate compliance and security into solution designs
- Assess risks of security gaps, and develop remediation plans. Perform follow-up activities related to driving remediation efforts.
- Support design and implementation of automated tools for compliance. Design self-service-oriented solutions for scaling compliance operations and deriving repeatable audit artifacts.
- Provide Audit Support as required. Engage with Engineering teams for readiness assessments, testing, and control review for annual and ongoing compliance audits (like ISO, SOC, PCI, HIPAA). Provide compliance consultation to design effective and compliant processes.
- Identify risks, process improvements, and design automated monitoring solutions for control areas like Change Management, Release Management, SDLC, Configuration Management, Logging, Software Supply Chain, Encryption, Monitoring, etc. Drive implementation of effective controls.
- Assess and provide compliance requirements on data protection techniques and secure data handling practices
- Perform Vendor Security Assessments as part of the third party risk management program.
- Assist with the development of compliance documentation, policies, and processes in support of requirements and ensure that controls are operating effectively.
- Develop a close partnership with engineering to educate and inform them about the priority and importance of compliance requirements.
- Ability to identify risk-appropriate control implementation solutions while considering engineering and business priorities with compliance needs.
- Work cross-functionally to drive security control implementation for the organization.
Who you are:
- 7+ years of related work experience in Information Security Governance, Risk, and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
- Minimum 3 years prior experience auditing cloud environments (AWS, Azure, and GCP), performing compliance assessments, conducting risk assessments, and/or driving audits like ISO, SOC, PCI DSS, HIPAA
- Knowledge of AI Security and Compliance Frameworks
- Knowledge of AI-specific Security Threats and Vulnerabilities
- Ability to multitask and manage simultaneous projects
- Ability to organize, conduct, and drive meetings and outcomes independently. Must be aware of and deliver quality stakeholder engagement experience in a fast-paced, innovative environment
- Strong analytical, communication (verbal and written), and project management skills
- Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
- Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP
- Familiarity with regulatory requirements and standards related to AI and Data security
- Ability to guide the implementation of security compliance measures for AI and machine learning systems
Observe.AI’s Information Security Team is growing fast. We are looking to hire security engineers who can help with the strategic direction and engineering mindset when solving and scaling product security capabilities.
Compensation, Benefits and Perks:
- Excellent medical insurance options and free online doctor consultations
- Yearly privilege and sick leaves as per Karnataka S&E Act
- Generous holidays (National and Festive) recognition and parental leave policies
- Learning & Development fund to support your continuous learning journey and professional development
- Fun events to build culture across the organization
- Flexible benefit plans for tax exemptions (i.e. Meal card, PF, etc.)
Our Commitment to Inclusion and Belonging:
Observe.AI is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. Observe.AI does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws or prohibited by Company policy. Observe.AI also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.
We welcome all people. We celebrate diversity of all kinds and are committed to creating an inclusive culture built on a foundation of respect for all individuals. We seek to hire, develop, and retain talented people from all backgrounds. Individuals from non-traditional backgrounds, historically marginalized or underrepresented groups are strongly encouraged to apply.
If you are ambitious, make an impact wherever you go, and you're ready to shape the future of Observe.AI, we encourage you to apply. For more information, visit www.observe.ai.