Compliance Engineer

WorkWave

💵 $70k
📍Remote - United States

Summary

Join WorkWave's Compliance Team and play a critical role in supporting the security manager to maintain, improve, and expand the company’s compliance programs. You will manage day-to-day compliance activities, work with internal teams, and liaise with external auditors and regulatory bodies. This pivotal role ensures the company meets and exceeds regulatory standards, including PCI DSS, SOC, ISO certifications, and data privacy frameworks. Responsibilities include developing and maintaining the compliance program, supporting internal audits, assisting with cybersecurity initiatives, monitoring compliance, and providing compliance training. WorkWave offers a remote-first global work community with flexible time off, paid bonding leave, and various other benefits.

Requirements

  • Bachelor's degree in information security, compliance, or a related field
  • 2+ years of experience in a compliance role, preferably within the technology or software industry
  • Experience working with one or more of the following frameworks: PCI DSS, SOC, ISO, GDPR, CCPA, or other data privacy laws
  • Strong understanding of regulatory compliance and industry standards such as PCI DSS, SOC-1, SOC-2, SOC-3, ISO, GDPR, and other data privacy regulations
  • Excellent organizational skills with attention to detail
  • Strong problem-solving skills with the ability to analyze and mitigate risk
  • Effective communication skills, both written and verbal, for collaborating with internal and external stakeholders
  • Ability to manage multiple projects simultaneously and prioritize in a fast-paced environment
  • A proactive approach to staying up to date on the latest developments in regulatory requirements and industry standards

Responsibilities

  • Assist in building and maintaining the company’s comprehensive compliance program
  • Design, implement, enforce, and continuously improve internal policies, procedures, and controls to meet regulatory requirements (e.g., PCI DSS, SOC, ISO, data privacy)
  • Develop a roadmap to ensure compliance with emerging regulatory standards and customer expectations
  • Maintain documentation of the compliance program and update as needed to reflect changes in regulations and business operations
  • Support internal teams to ensure compliance with security and privacy controls, regulations, and standards
  • Support external and internal audits, including coordination of audit requests, gathering required documentation, and facilitating discussions between auditors and internal teams
  • Assist in the remediation of audit findings and monitor the effectiveness of corrective actions
  • Assist other teams in maintaining a robust cybersecurity framework aligned with NIST, CIS Controls, and other relevant standards
  • Identify and analyze potential security threats, vulnerabilities, and risks to the company’s systems and data
  • Participate in cybersecurity incident response efforts, including documentation and reporting on any security breaches or data privacy incidents
  • Help ensure compliance with security-related frameworks, such as SOC 2 and PCI DSS, and participate in regular cybersecurity risk assessments
  • Monitor compliance with internal controls and regulatory requirements, identifying areas for improvement or potential gaps
  • Track and report on the status of compliance activities, initiatives, and projects
  • Develop and maintain compliance metrics to provide clear visibility to stakeholders
  • Support the creation and delivery of compliance training programs for staff to ensure ongoing awareness of key compliance requirements and industry best practices
  • Promote a culture of compliance throughout the organization by fostering communication and providing resources to different departments
  • Assist in conducting risk assessments related to compliance and security, identifying potential risks and recommending mitigation strategies
  • Support the security manager in responding to security and data privacy incidents, ensuring compliance with breach reporting requirements
  • Stay informed of changes to relevant regulatory requirements and industry standards
  • Collaborate with cross-functional teams to implement continuous improvements in the compliance program

Preferred Qualifications

  • Experience supporting compliance in SaaS or cloud environments
  • Knowledge of security frameworks such as NIST or CIS Controls
  • Familiarity with automated tools used to support compliance efforts

Benefits

  • Health and dental
  • 401k with company match
  • Flexible Time Off policy or generous PTO plan (role dependent) and paid holidays
  • Up to 4 weeks paid bonding leave
  • Free subscription to the Calm App for you and up to 4 dependents!
  • Tuition reimbursement
  • Robust Employee Assistance Program through TotalCare offering free counseling 24/7/365, plus financial counseling, legal guidance, adoption assistance services and much more!
  • 24/7 access to virtual medical care with Teladoc
  • Quarterly awards based on peer nominations
  • Regional discounts and perks
  • Opportunities to participate in charitable events and give back to the community
  • Remote work flexibility
