Job Type
Job Details
The Senior Cybersecurity Compliance Engineer is the customer-facing role of the Information Security team and is responsible for supporting customers and prospects with security questions for their due diligence
The Senior Cybersecurity Compliance Engineer will help improve processes, manage documentation libraries, and security-related deliverables for customers; contribute to the Workiva Platform security by identifying short-term and long-range customer needs to foster customer trust; and manage customer and prospect assessments and audits in line with regulatory compliance and industry standards
What You’ll Do
Foster Customer trust by managing and improving processes, and security related Customer deliverables
Educate Customers and Prospects on Workiva’s infrastructure and security framework; built upon the underlying NIST and ISO frameworks
Collaborate with internal stakeholders, including sales, product development, and legal team to address security related inquiries and concerns
Provide security information, recommendations and implement directives within other areas of Workiva
Identify and manage short-term and long-range issues and concerns of Customers to improve Workiva’s security and compliance
Prioritize and delegate the fulfillment of security requests from Customers and compliance areas; including questionnaires, RFPs and contract reviews
Mark up security related terms in contracts with Customers
Stay up to date on existing and upcoming security and privacy regulations/standards across the globe, specifically in the APAC region
Oversee the execution of security assessments for new technologies, third-party vendors, and acquisitions
Collaborate with stakeholders during the due diligence process to ensure that Prospects and Customers are provided with information that instills their trust in the Workiva Platform Serve as the face of security for Information Security
Influence and drive third-party risk management best practices for Workiva
Determine analytical methods for audits, assessments, and data gathering
Assess existing security controls, and provide consulting on industry best practices
Collaborate with stakeholders on best practices; improving skills and overcoming challenges
Mentor other team members on security
Manage multiple projects, while working with stakeholders
What You'll Need
Strong understanding of Cybersecurity frameworks, regulations, and standards (FedRAMP, NIST, ISO 27001, GDPR, SOC, etc.) and their application in business context
Strong planning and organizational skills; project management experience is a plus
Strong attention to detail and ability to prioritize multiple projects
Excellent verbal, written, and interpersonal communication skills
Ability to influence at all levels and in various departments
Ability to set priorities, meet deadlines, and manage multiple projects in a fast-paced, changing environment
Exceptionally strong personal integrity, and ability to professionally handle confidential matters while showing an appropriate level of good judgment and maturity
Possess strong technical acumen
Minimum Qualifications
Typically requires a minimum of 4 years of related experience with a Bachelor's degree; or 2 years and a Master's degree; or a PhD without experience
Preferred Qualifications
To manage clients based in Japan, fluency in spoken and written Japanese is preferred but not required
Security or compliance experience in a SaaS environment and/or heavily regulated environment
Knowledge of TPRM ( Third-Party Risk Management), SOX (Sarbanes-Oxley Act) Reporting
Knowledge of NIST Framework, ISO framework and GRC processes
Cloud Security Experience
Understanding of SOC 1 and 2
Experience with Loopio preferred
Background in both accounting and cybersecurity preferred
Prior knowledge and understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry/Data Security Standard (PCI DSS), SANS and ISO27001, FFIEC, MAS, DORA, GDPR, etc.
Prior knowledge and understanding of common information security management frameworks such as HITRUST, ISO, IEC27001, ITIL, COBIT
Regulatory audits a plus
Knowledge in Procurement and sourcing also desired
Workiva is an Equal Employment Opportunity Employer. We believe that great minds think differently. We value diversity of backgrounds, beliefs, and interests, and we recognize diversity as an important source of intellectual thought, varied perspective, and innovation. Employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression genetic information, marital status, citizenship status or any other protected characteristic.
Workiva is committed to working with and providing reasonable accommodations to applicants with disabilities. To request assistance with the application process, please email talentacquisition@workiva.com.
Workiva employees are required to undergo comprehensive security and privacy training tailored to their roles, ensuring adherence to company policies and regulatory standards.
