
Security Compliance Engineer

Team Description 

Pendo's mission is to help companies build great software. We believe that great software is also secure software! The Pendo Security Team is here to provide everyone at Pendo the resources that they need to keep the data we are entrusted with secure and to deliver products that are built with security and privacy by design.

Pendo is seeking a Security Compliance Engineer to join our growing team in Raleigh, North Carolina. Reporting to our Senior Manager of Security Operations and Compliance, you will be working on our compliance-related programs, including Third Party Risk Management, SOC 2, PCI DSS, StateRAMP, and other global compliance frameworks. You will also work closely with engineering, product, corporate IT teams, and other partners across the organization to achieve the goals of these programs. The ideal candidate is a passionate, highly skilled information security expert who has a customer-focused mindset and is capable of quickly learning new technologies and creatively solving problems. The hiring level for this position will be determined by the selected candidate’s qualifications and experience, and is expected to be either an associate (entry) or mid-level.

Responsibilities (what you’ll do):

  • Provide analysis and implementation guidance based on frameworks such as SOC 2, the NIST 800 series, StateRAMP, ISO 27001, PCI DSS, and other related compliance requirements and regulations
  • Plan, implement, and maintain security controls to protect the confidentiality, integrity, and availability of data and information systems
  • Work closely with engineering and product teams to deliver compliance requirements, provide consultation, and validate implementation
  • Communicate compliance requirements, deliverables, and project status to stakeholders, leaders and external partners
  • Drive cross-functional execution and validation of compliance deliverables 
  • Build, execute, and maintain continuous monitoring functions and deliverables
  • Drive vulnerability remediation in accordance with compliance requirements
  • Monitor performance metrics, review logs, and conduct periodic audits to verify the effectiveness of security controls
  • Write, edit and manage a wide variety of information security policies, procedures, and other documentation to meet compliance requirements

Qualifications (what you have):

  • Demonstrated experience with one or more of the following: 
    • Working with compliance frameworks such as SOC 2, NIST SP 800 Series, StateRAMP, ISO 27000-series, PCI, HIPAA, etc.
    • Collaborating with subject matter experts and developing, editing, and revising documentation including standard operating procedures, system security plans (SSP), and policies and procedures
    • Implementing continuous monitoring requirements
    • Working with Third-party Assessment Organizations (3PAO)
    • Third Party Risk Management programs that include onboarding, assessments, reporting, and monitoring. 
  • Excellent verbal and written communication skills
  • Strong understanding of security controls, frameworks and practices
  • Strong understanding of vulnerability management, scanning tools and remediation
  • Strong critical thinking and decision-making skills
  • Strong customer service orientation
  • Ability to self-manage assigned project tasks 
  • Ability to work independently with minimal direction
  • A growth mindset and love of learning new technologies

Additional Preferred Qualifications:

  • Experience working in SaaS companies
  • Experience with writing code to automate tasks
  • Experience configuring and managing GRC platforms, or similar, for continuous monitoring through integrations with third party platforms. 
  • Familiarity with Cloud Service Providers such as Google Cloud Platform, Amazon Web Services, or Microsoft Azure
  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Management of Information Systems, or similar technical or business-related field
  • One or more industry-recognized security certifications, such as CISSP, CISM, CISA, OSCP, CEH, or CSSK

Pendo Description:

Pendo was founded in 2013 by former product managers, who combined their heads and hearts to build something they wanted but never had as product managers -- a simple way to understand and attack what truly drives product success.  Our mission is to improve society's experience with software.

Come join one of the fastest-growing startups, supported by best-in-class institutions like Battery Ventures, Salesforce Ventures, Spark Capital and Meritech. You will gain experience in a diverse and exciting set of technologies and clients and have a real impact on Pendo's future. Our culture is passionate, dynamic, and fun.

EEOC

We are an equal opportunity employer and believe having diverse teams where everyone brings their whole self to Pendo is key to our success. We welcome all people of different backgrounds, experiences, abilities and perspectives.

Accessibility

Pendo is committed to working with, and providing access and reasonable accommodation to, applicants with mental and/or physical disabilities. If you think you may require an accommodation for any part of the recruitment process, please send a request to: accommodation@pendo.io. All requests for accommodations are treated discreetly and confidentially, as practical and permitted by law.

Compensation

Our salary ranges are based on paying competitively for our size and industry, and are one part of many compensation, benefits and other reward opportunities we provide.

The expected salary range for this role to be performed in Raleigh, NC is $120,000 - $130,000.

Individual pay rate decisions, including offers made within and over the expected salary range, are based on a number of factors, including qualifications for the role, experience level, skillset, and balancing internal equity relative to peers at the company.


Salary range: $120,000/yr - $130,000/yr
Employment type: Full-time, on-site
Date posted: March 24, 2025