Senior Information Security Engineer

at COMPLY
💰 $125k-$140k
🇺🇸 United States - Remote
🔒 Cybersecurity🟣 Senior

Job description

Who Are We:

We are COMPLY.

For compliance people.

COMPLY is the leading global provider of comprehensive regulatory compliance software and solutions for the financial services sector. Our OneCOMPLY™ platform provides an all-in-one approach to address firm and employee compliance requirements through a configurable and scalable software-as-a-service (SaaS) platform coupled with expert consulting services.

COMPLY serves thousands of financial services clients including Broker Dealers, Investment Banks, Private Funds, RIAs, and Wealth Managers who rely on COMPLY to power their compliance programs.

To learn more about COMPLY, visit COMPLY.com

COMPLY is seeking a Senior Information Security Engineer with 7–10 years of combined IT and cybersecurity experience to help protect our organization’s systems and data. The ideal candidate has hands-on experience with securing modern IT, networking, and cloud infrastructure, and implementing controls aligned with frameworks such as SOC 2, ISO 27001, regulatory, and privacy requirements (e.g., GDPR, CCPA, EU DORA.) They are skilled in vulnerability management, SIEM administration, incident response, continuous security monitoring, and supporting audit compliance activities. This role will be pivotal in strengthening our security posture and ensuring compliance with industry standards. The individual must be solutions oriented and a self-starter that can work autonomously in a fully remote environment.

Responsibilities:

  • Design, implement, and maintain security controls and policies to ensure compliance with SOC 2 and ISO 27001 standards.
  • Developing and updating security procedures, access controls, and monitoring mechanisms in line with these frameworks’ requirements for delegation.
  • Lead the organization’s vulnerability management program, including regular vulnerability scanning, assessment, and remediation efforts with Rapid7 InsightVM. Track and report on vulnerability status and trends monthly and drive continuous improvement in reducing risk exposure.
  • Manage, configure, tune, optimize, and develop reports using the company’s Security Information and Event Management (SIEM) system Rapid7 InsightIDR.
  • Investigate suspected security events and ensure that threats are detected, analyzed, and escalated in a timely manner. Coordinate with Infrastructure Operations and our 24/7/365 SOC vendor to resolve security incidents.
  • Deploy and maintain detection tools like SentinelOne, Defender for Cloud/Endpoint, AWS GuardDuty, AlertLogic WAF, and cloud security monitoring that provide real-time visibility into security events.
  • Establish processes to review logs and alerts, watch for anomalous behavior or indicators of compromise, and take proactive action when issues arise.
  • Manage and administer the organization’s email spam filter, Mimecast, to include developing email filters and executing quarterly phishing exercises.
  • Coordinate with external auditors to support security audits, assessments, and certifications such as SOC 1, SOC 2, and ISO 27001.
  • Gather evidence of control effectiveness, maintain documentation (policies, procedures, risk assessments, etc.), and remediate any findings or non-conformities identified during audits. Pursue methods to automate artifact collection for annual audits.
  • Lead routine internal audits to ensure ongoing compliance with security policies and standards, and drive improvements based on observations.
  • Develop and refine security policies, standards, exercises, and guidelines in collaboration with the CTO senior leadership team.
  • Ensure that policies address compliance requirements (e.g., access management, data protection, incident response) and are updated regularly.
  • Contribute to security awareness training efforts and phishing exercises and educate employees on cybersecurity best practices.
  • As a senior member of the security team, be prepared to lead out incident response activities, determine root cause, and impact to COMPLY.
  • Tune security tools for better incident detection and participating in post-incident reviews to implement lessons learned.
  • Collaborate with Infrastructure, Product, and Engineering teams to ensure security is embedded in development, IT infrastructure, and new projects.
  • Advise and assist in implementing system configurations, conducting security design reviews, and recommending enhancements to meet security best practices in cloud-based environments (AWS, Azure.)
  • Support due diligence requests from customers to include responding to questionnaires, engaging with customers via phone or email on an as-needed basis, supporting assessments, and building/maintaining COMPLY’s Trust Center.

Qualifications:

  • 7–10 years of combined experience in IT and cybersecurity.
  • Bachelor’s degree from an accredited institution in Computer Science, Information Security, Information Technology, or a related field.
  • At least one industry certification with CISSP, CCSP, CASP+, CISM, or GIAC certifications being highly preferred.
  • Experience supporting security for a B2B SaaS enterprise offering services to a regulated industry (e.g., Finance, Healthcare, Government) is preferred
  • Proactive and self-driven individual with the ability to work independently in a remote setting. Excellent collaboration and communication skills with cross-functional and international teams.
  • Knowledge of SOC 2, ISO 27001, or similar standards and experience aligning security programs with these or similar frameworks.
  • Hands-on experience managing vulnerability management, EDR, and SIEM systems with preference on Rapid7, SentinelOne, and Microsoft Defender.
  • Demonstrated proficiency with security in cloud and enterprise environments (AWS, Microsoft 365, Azure).
  • Experience developing continuous monitoring processes, detection systems, and incident response best practices.

$125,000 - $140,000 a year

The compensation range for this role is specific to the United States. It takes into account a wide range of factors that are considered in making compensation decisions, including, but not limited to, skill sets, training, licensure and certification, and experience. A reasonable estimate of the base salary range for this role would be $125,000- $140,000 plus applicable bonus/benefits offerings, etc., as those similarly situated within the Company.

COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.

The company offers a wide range of perks including:

- Comprehensive medical, dental and vision insurance at little to no cost starting on day one

- 401k with a company match

- Supplemental benefits at a discounted rate including home, auto and pet insurance

- Unlimited PTO

- Professional Development reimbursements

- Remote opportunities available for most positions

- Time to get together in person for company happy hours, team offsites and more

Applicants must be authorized to work for any employer in the United States. Currently, we are unable to sponsor or take over sponsorship of an employment Visa at this time.

COMPLY is aware of scammers posing as COMPLY employees and extending job offers via direct messaging, texts and social media platforms. These are fraudulent and should be treated as such. To learn more about this, please review our Statement of Fraudulent Job Offers.

Share this job:
Please let COMPLY know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at COMPLY

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply