As a Product Security Compliance Assessor, you will join the IT Governance, Risk, and Compliance (GRC) team to take on the compliance assurance function.
What you’ll be doing
- Perform technical compliance evidence review independently for the NIST-800-218 (CISA SSDF) and EU CRA frameworks and provide timely updates to the compliance manager.
- Work closely with assigned R&D stakeholders to coordinate control evidence requirements, assessment reporting, and mapping to policy, regulation and best practice.
- Work with relevant stakeholders to build a plan of actions and milestones, track progress against evidence or control gaps, and communicate and follow up on pending actions and evidence in a timely fashion.
- Identify, document, and report control deficiencies and associated recommendations for improvements.
- Ensure that all required evidence is documented in a timely manner in the required evidence repository and compliance tools such as CloudBee Compliance, Audit Board etc.
- Communicate a written compliance assessment update daily to the group project manager.
- Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions.
- Support the alignment of the policies and standards to both regulations and best practices.
- Must have strong technical knowledge/understanding of Secure Software Development Life Cycle and other security.
- Working knowledge of best practices for security architecture and design for software development.
- Ability to assess cybersecurity controls and technology configurations.
- Be able to explain complex findings in understandable language to both technical and non-technical stakeholders.
What you’ll need to be successful
- Technical Bachelor's Degree in Information Systems and/or Cybersecurity
- 2 - 4 years of direct Technical IT Audit/Governance Risk Compliance experience
- Certification in Information Security such as Security+, CISA, etc.
- Ability to establish effective working relationships among team members and participate in solving problems and making decisions
- Ability to present and express ideas and information clearly and concisely in a manner appropriate to the audience, whether oral or written
- Ability to actively listen to what others are saying to achieve understanding, sharing information with others and facilitating the open exchange of ideas and information
- Ability to establish courses of action for self to accomplish specific goals, develop and use tracking systems for monitoring own work progress, and effectively use resources such as time and information
- Ability to make the right decisions based on perceptive and analytical processes, practicing good judgment in gray areas
What we’ll hook you up with:
- Your well-being matters: you will get flextime and support for your personal needs
- You get access to a time bank: you can take time off when needed and add time to make up for the “time loan”
- We care about each other, joys and challenges alike. There’s always someone you can share a laugh, a problem, or a story with
- Other goodies that support a good life-work balance: private medical insurance, team activities, and more.
- Posted: Apr 23, 2025
- Type: Full-time
- Level: Mid-Senior
- Location: Romania
- Company: Wirtek Romania