Security & Compliance Engineer

Company Description

Denodo is a high growth, market leading enterprise software company backed by HGGC. We are recognized as a leader by Gartner and Forrester, and uniquely positioned to address the data fragmentation problems that exist in many enterprises.  

We thrive in dynamic environments, and at the risk of sounding cliché, we work hard, and we play hard. People at Denodo are builders at heart. Our global teams are constantly interacting and working together to empower people around the world, build community and connect in meaningful ways. 

Denodo's success is founded on being innovative and creative, on delivering the best solutions with the highest levels of customer satisfaction and on having a unique piece of technology. A company can only be as forward-thinking as its people, which explains why we have become the leading developer of Data Virtualization, Data Services and Cloud Data Integration technologies and solutions for the enterprise.

At Denodo, we are like a family and it is of the utmost importance to us that we help support your professional growth every step of the way.

Job Description

You will be part of Denodo’s Security team, which is responsible for managing security compliance, as well as, respond to customers' and third parties' security requirements. Besides, the Security team provides design, deployment & support for security systems, services, and requirements in all Denodo locations.

The ideal candidate will be a security compliance professional with an optional technical background.  We are willing to consider candidates that have a serious desire to enter the security profession and would enjoy jumping into a challenging position on the cutting edge of security operations. As a Security Engineer, you will be responsible for managing the policies, procedures, and controls to ensure that the corporation meets and maintains compliance with general security standards.  Additionally, the candidate will be enhancing the corporate security and detection capabilities to catch advanced threats, appraising threat actors, building advanced correlation use cases, and reporting. The candidate will improve global corporate security by defining, selecting, deploying, and operating new security platforms.

Duties & Responsibilities.

• Presales & Customer Communication 
  • Respond to security sections on Request for Proposals (RFP), Requests for Information (RFI), Proof of Concept (POC), assessments, review security contract clauses, and perform vendor assessments from our customers
• ISO Audit and Compliance
  • Managing the Denodo Information Security Management System (ISMS) according to the ISO/IEC 27001:2013 certification processes including the Information Security policies, procedures, guidelines and audit
  • Participation in the risk analysis process in the role of a technical expert
  • Collaborate with the business teams and staff at all levels to promote the Information Security agenda
  • Develop and manage the continuous improvement of security controls
  • Develop and perform a vendor assessment to our suppliers
  • Update process documentation and team portals
  • Support auditors and provide articles of evidence as needed, review audit reports, implement or support the implementation of necessary remediations
• Build, Communicate and Secure Internal Systems
  • Ensure that security policy and security standards are implemented and adhered to while also managing exceptions
  • Stay abreast of current and future security risks and adapt mitigations and controls accordingly
  • Raising user awareness in technological areas
  • Implement and support the deployment of new security technologies, both software and hardware, across the company including both Cloud and on-site solutions for the protection of the organization based on the latest threats
  • Provide operational incident support across a set of assigned technologies
  • Implement requested changes, updates, and improvements to the global security infrastructure including minor updates, report development, access provisioning, implementation of major upgrades, as well as alert tuning and development
  • Assist Information Asset Owners and other company teams to define and implement appropriate security recommendations
• Security Operations
  • Involved in security breaches and threats, issue handling, and investigate violations when they occur
  • Implementation of technical safety measures
  • Maintenance of Information and Communication Technology (ICT) infrastructure and resources related to support the ISMS
  • Supervision of access rights to the Denodo’s corporate resources
  • Support of users in security related topics and incidents
  • Communicate with peers and managers regarding security issues
  • Participate in 24x7 on-call
  • Willing to work on a flexible schedule when necessary (working outside of normal business hours, holidays, and some weekends)

Qualifications

• Required experience with ISO/IEC 27001 maintenance or another security compliance standard (SOC-2, NIST CSF, NIST 800-53,  Cybersecurity Maturity Model Certification (CMMC), Cyber Essentials, etc.)
• Certification to one or more or of the equivalent: CISSP, CISM, ISO/IEC 27001 lead implementer, ITIL
• Minimum 2 years of relevant experience in an Information Security function
• Experience in responding to customer/partner-specific Information Security requirements (RFP, RFI, POC) 
• Experience reviewing security contracts clauses, and performing vendor assessments
• Be able to understand the controls and processes associated with other certification, legal, regulatory, and compliance security frameworks.  For example, these include the General Data Protection Regulation (GDPR), The California Consumer Privacy Act (CCPA), China’s first Cybersecurity Law (CSL), Cyber Essentials, ISO-27001, SOC 2, NIST CSF, NIST 800-53
• Ability to use problem-solving techniques, troubleshoot system outages, and provide timely solutions to operational issues
• Identify root causes in order to drive improvements into the platform to prevent future operational incidents
• Qualified education degree relating to security of Information Systems and demonstrated knowledge and experience
• Proactive and ability to work autonomously
• Have professional curiosity and the ability to enable yourself in new technologies and tasks
• Excellent verbal and written communication skills to be able to interact with technical and business counterparts
• Strong knowledge of information security with operations (ITIL) experience
• Familiarity with application and infrastructure vulnerabilities and encryption 
• Experience supporting complex global security infrastructures
• Ability to handle multiple complex tasks in a dynamic environment with tight deadlines concurrently
• Good English level, additional languages will be a plus
• Having Cloud experience on AWS, AZURE, or Google will be a plus

Additional Information

Employment Practices

Denodo is an equal opportunity employer and prohibits discrimination and harassment of any kind. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by applicable law. Denodo will provide reasonable accommodation to employees who have protected disabilities in accordance with applicable law.

We do not accept resumes from headhunters or suppliers that have not signed a formal fee agreement. Therefore, any resume received from an unapproved supplier will be considered unsolicited, and we will not be obligated to pay a referral fee.