Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Associate Security & Compliance Engineer

D

Denodo Technologies

Associate Security & Compliance Engineer

Boise, ID
Full Time
Paid
Similar Jobs
  • Responsibilities

    Job Description

    You will be part of Denodo’s Security team, which is responsible for managing security compliance, as well as, respond to customers' and third parties' security requirements. Besides, the Security team provides design, deployment & support for security systems, services, and requirements in all Denodo locations.

    The ideal candidate will be a security compliance professional with an optional technical background.  We are willing to consider candidates that have a serious desire to enter the security profession and would enjoy jumping into a challenging position on the cutting edge of security operations. As a Security Engineer, you will be responsible for managing the policies, procedures, and controls to ensure that the corporation meets and maintains compliance with general security standards.  Additionally, the candidate will be enhancing the corporate security and detection capabilities to catch advanced threats, appraising threat actors, building advanced correlation use cases, and reporting. The candidate will improve global corporate security by defining, selecting, deploying, and operating new security platforms.

    DUTIES & RESPONSIBILITIES.

    • Presales & Customer Communication 
      • Respond to security sections on Request for Proposals (RFP), Requests for Information (RFI), Proof of Concept (POC), assessments, review security contract clauses, and perform vendor assessments from our customers
    • ISO Audit and Compliance
      • Managing the Denodo Information Security Management System (ISMS) according to the ISO/IEC 27001:2013 certification processes including the Information Security policies, procedures, guidelines and audit
      • Participation in the risk analysis process in the role of a technical expert
      • Collaborate with the business teams and staff at all levels to promote the Information Security agenda
      • Develop and manage the continuous improvement of security controls
      • Develop and perform a vendor assessment to our suppliers
      • Update process documentation and team portals
      • Support auditors and provide articles of evidence as needed, review audit reports, implement or support the implementation of necessary remediations
    • Build, Communicate and Secure Internal Systems
      • Ensure that security policy and security standards are implemented and adhered to while also managing exceptions
      • Stay abreast of current and future security risks and adapt mitigations and controls accordingly
      • Raising user awareness in technological areas
      • Implement and support the deployment of new security technologies, both software and hardware, across the company including both Cloud and on-site solutions for the protection of the organization based on the latest threats
      • Provide operational incident support across a set of assigned technologies
      • Implement requested changes, updates, and improvements to the global security infrastructure including minor updates, report development, access provisioning, implementation of major upgrades, as well as alert tuning and development
      • Assist Information Asset Owners and other company teams to define and implement appropriate security recommendations
    • Security Operations
      • Involved in security breaches and threats, issue handling, and investigate violations when they occur
      • Implementation of technical safety measures
      • Maintenance of Information and Communication Technology (ICT) infrastructure and resources related to support the ISMS
      • Supervision of access rights to the Denodo’s corporate resources
      • Support of users in security related topics and incidents
      • Communicate with peers and managers regarding security issues
      • Participate in 24x7 on-call
      • Willing to work on a flexible schedule when necessary (working outside of normal business hours, holidays, and some weekends)
  • Qualifications

    Qualifications

    • Required experience with ISO/IEC 27001 maintenance or another security compliance standard (SOC-2, NIST CSF, NIST 800-53, etc.)
    • Certification to one or more or of the equivalent: CISSP, CISM, ISO/IEC 27001 lead implementer, ITIL
    • Minimum 2 years of relevant experience in an Information Security function
    • Experience in responding to customer/partner-specific Information Security requirements (RFP, RFI, POC) 
    • Experience reviewing security contracts clauses, and performing vendor assessments
    • Be able to understand the controls and processes associated with other certification, legal, regulatory, and compliance security frameworks.  For example, these include the General Data Protection Regulation (GDPR), The California Consumer Privacy Act (CCPA), China’s first Cybersecurity Law (CSL), Cyber Essentials, ISO-27001, SOC 2, NIST CSF, NIST 800-53
    • Ability to use problem-solving techniques, troubleshoot system outages, and provide timely solutions to operational issues
    • Identify root causes in order to drive improvements into the platform to prevent future operational incidents
    • Qualified education degree relating to security of Information Systems and demonstrated knowledge and experience
    • Proactive and ability to work autonomously
    • Have professional curiosity and the ability to enable yourself in new technologies and tasks
    • Excellent verbal and written communication skills to be able to interact with technical and business counterparts
    • Strong knowledge of information security with operations (ITIL) experience
    • Familiarity with application and infrastructure vulnerabilities and encryption 
    • Experience supporting complex global security infrastructures
    • Ability to handle multiple complex tasks in a dynamic environment with tight deadlines concurrently
    • Good English level, additional languages will be a plus
    • Having Cloud experience on AWS, AZURE, or Google will be a plus

    Additional Information

    EMPLOYMENT PRACTICES

    Denodo is an equal opportunity employer and prohibits discrimination and harassment of any kind. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by applicable law. Denodo will provide reasonable accommodation to employees who have protected disabilities in accordance with applicable law.