Security Compliance Engineer

Job Details

Colorado Springs, Colorado



Direct Placement

Job Description

The Information Security Compliance Engineer will be responsible for architecting, developing, and operating solutions that help the company measure, monitor, and report on the state of key security metrics and compliance requirements.

This role is focused on working with multiple technology and offer teams to ensure corporate Information Security tools are deployed and supported to achieve both corporate and regulatory compliance with specific focus on Federal Financial Institutions Examination Council's (FFIEC) standards and Center for Internet Security (CIS) controls/benchmarks. The candidate will be working in an exciting and rapidly expanding environment driving high standards while collaborating with a group of skilled engineers, administrators and developers.

Essential Job Duties and Responsibilities: 

  • Performs compliance reviews of the Information Technology group.
  • Provides guidance and support on information protection across departments on regulatory compliance, policies and industry best practices as related to technology and information security.
  • Prioritize and implement security measures to support the day-to-day operation of the compliance function, ensuring adherence to policies and standards.
  • Establish security control testing protocols to ensure protection of member and credit union information.
  • Support Research and Development (R&D) efforts on new and emerging information security trends.
  • Apply that knowledge to continued improvement of the information security applications and systems to best protect member and credit union information.
  • Mentor/support team members where appropriate.
  • Proficient with the Microsoft Office Suite of products (Word/Excel/Outlook).
  • Other Duties as Required: To ensure that emerging or unexpected member / organizational needs are appropriately addressed in a timely fashion.

Minimum Formal Education Required for this Position:

Knowledge consistent with a Bachelor’s Degree in Computer Science, Information Security/Technology, Risk or similar

Each year of relevant work experience may be exchanged for a year in a relevant degree program or vice versa. For example, a requirement of “Knowledge Consistent with a Bachelor’s Degree in Accounting and 2+ years of accounting experience” could be substituted for a High School Diploma and 6 years of relevant accounting work experience or a Master’s Degree in Accounting and 0 years of work experience.

Minimum work experience:

6+ years' Security experience at a large enterprise company or premier consulting firm 

5+ years Information security related administration

3+ years Financial industry security related administration 

Technical or specialized knowledge/skills:

Experience working in Second Line of Defense at a large organization

Strong communication skills (written, verbal, and listening)

Highly organized and able to multi-task and manage concurrent deadlines and able to effectively contribute to and lead working groups

Comfortable working in cross functional and multidisciplinary teams

Knowledge of compliance and regulatory frameworks (FFIEC, CIS, PCI, SOC 1, SOC 2, HIPAA, GDPR, etc.)

Possesses a strong working knowledge of security principles, policies, tools and procedures along with an understanding of the overall technical architecture of the organization

Strong technical writing and interpersonal skills with ability to communicate effectively verbally

Demonstrates resilience and flexibility in a rapidly changing environment to explore different strategies and achieve desired outcomes

Possesses a high degree of independence, integrity, and confidentiality while able to independently develop and deliver presentations and can respond to questions

Exposure to or proficiency with the following platforms: Azure, Azure Active Directory, Intune MDM, Office365, and Okta

A demonstrated passion for, or commitment to, helping our community achieve their financial goals

Follows standard procedures to follow up on security incidents, collecting and reporting appropriate information

Certifications required:

CISM, CISA, CRISC or equivalent within 120 days 

Environmental, physical and psychological requirements: 

Must be able to sit or stand for prolonged periods of time in a climate-controlled environment.  Must be able to use fingers, hands, wrists for repetitive tasks such as typing, using a mouse, handling paper, currency, or coin, and operating a telephone.   Demands for visual and auditory acuity are typical of an office environment.  Must be able to interact via email, telephone, or in person with diplomacy, tact, and courtesy with all members under varying circumstances.  Must be able to lift up to 40 lbs.


Direct Hire

Monday through Friday


Pay=$99K DOE
