Director, Compliance Engineering & Strategy
Provide engineering and technical guidance on meeting regulatory compliance requirements to all teams in [company name] Cloud. Outline strategies to achieve [company name] Cloud's aggressive compliance posture, and develop implementation plans. Both Engineering and Strategy pieces address SOC 1, SOC 2, PCI, HIPAA, NIST 800-53 (FedRAMP), and other frameworks. Also responsible for organizing and managing personnel, contractors, and operational teams to execute audits and corresponding certifications for ISO 27001 (including 27017 and 27018), UK G-Cloud, and GDPR deployment across [company name] Cloud Operations. Duties require direct engagement with security, operations, and development personnel at all levels within the organization up to and including top-level executives.
- Led team that obtained ISO 27001 certification for [company name] Cloud Operations encompassing multiple disparate cloud services
- Outlined building-blocks methodology for bringing multiple PaaS/IaaS services into compliance with HIPAA and PCI
- Identified critical security gaps affecting multiple compliance and build projects to allow for timely remediation
- Work hand-in-hand with security operations team to develop security technical solutions to meet regulatory requirements, specifically for SIEM upgrade and enterprise management tool deployment