Product Security Engineer

Position: Product Security Engineer

Location: Remote

Hiring Mode: 6 months contract (high intent to FTE)

Job Description:

• 7+ years of experience in IT compliance, IT security, or governance engineering roles.
• Demonstrated experience supporting compliance programs in large, multinational enterprises.
• Hands-on experience with global regulatory frameworks (GDPR, SOX, ISO 27001, SOC 2, etc.).
• This role requires a senior-level product security and regulatory cert experience specifically with experience in EU CRA, EU RED, IEC 62443 expertise

Strong understanding of:

• Cloud environments (AWS, Azure, Google Cloud Platform)
• Enterprise networking
• Identity & access management
• Data protection and encryption technologies
• Logging, monitoring, and security tooling
• Experience leading or supporting external audits.
• Ability to translate legal/regulatory language into technical requirements.
• Strong documentation and stakeholder communication skills.

Preferred Qualifications

• Experience in highly regulated industries (financial services, healthcare, defense, telecom).

Certifications such as:

• CISA
• CRISC
• CISSP

ISO 27001 Lead Implementer / Lead Auditor

Experience with GRC platforms (ServiceNow GRC, Archer, OneTrust, etc.).

Experience managing cross-border data compliance and data residency requirements.

Regulatory & Technical Compliance

Interpret and operationalize global and regional regulations into actionable technical controls.

Lead compliance efforts related to frameworks and regulations such as:

• GDPR (EU)
• CCPA / CPRA (California)
• SOX
• HIPAA
• ISO 27001
• SOC 2
• PCI-DSS
• NIST 800-53 / 800-171

Country-specific data residency and privacy laws (APAC, LATAM, EMEA).

Translate regulatory requirements into technical standards for infrastructure, cloud, network, application, and data environments.

Partner with legal, risk, audit, and security teams to ensure consistent global compliance posture.

Control Implementation & Validation

• Design and implement technical controls to meet regulatory requirements.
• Conduct control testing, gap assessments, and remediation planning.
• Lead internal and external audits; coordinate evidence collection and auditor responses.
• Automate compliance validation through tooling where possible (e.g., CSPM, SIEM, GRC platforms).

Global Program Management

• Support compliance strategy across multiple countries and regions.
• Monitor regulatory changes globally and assess impact to IT systems.
• Establish repeatable compliance processes for global rollouts.
• Work with regional IT leaders to ensure localized regulatory adherence.

Risk & Governance

• Perform risk assessments related to regulatory exposure.
• Maintain risk registers and remediation roadmaps.
• Support policy development and technical standards documentation.
• Provide executive-level reporting on compliance posture and risk.

Key Competencies

• Strong analytical and risk-based decision-making skills
• Ability to operate in complex, matrixed global organizations
• Executive-level communication capability
• Process-oriented mindset with automation focus
• Ability to balance regulatory rigor with business enablement