Job Title:
Compliance Engineer - Auditing | Certifications | ISMS
About Skyhigh Security:
Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency.
Since 2011, organizations have trusted us to provide them with a complete, market-leading security platform built on a modern cloud stack. Our industry-leading suite of products radically simplifies data security through easy-to-use, cloud-based, Zero Trust solutions that are managed in a single dashboard, powered by hundreds of employees across the world. With offices in Santa Clara, Aylesbury, Paderborn, Bengaluru, Sydney, Tokyo and more, our employees are the heart and soul of our company.
Skyhigh Security is more than a company; here, when you invest your career with us, we commit to investing in you. We embrace a hybrid work model, creating the flexibility and freedom you need from your work environment to reach your potential. From our employee recognition program, to our 'Blast Talks' learning series, and team celebrations (we love to have fun!), we strive to be an interactive and engaging place where you can be your authentic self.
Follow us on LinkedIn and Twitter @SkyhighSecurity.
Role Overview:
Compliance Engineer - Auditing | Certifications | ISMS
Monitor internal data within the company as required to assess and investigate security issues such as phishing, insider risk, and data protection. Use various endpoint, network, and cloud security tools. Execute targeted investigations as necessary. Execute incident response and disaster recovery plans. Manage time effectively and apply critical thinking skills to address competing priorities. Work with internal stakeholders to effectively communicate security risks and necessary remediation steps.
About the Role:
You will serve as a critical member of the team who expertly blends technical security knowledge with strategic compliance management.
You will be the primary driver of our corporate compliance program. This involves independently managing the full lifecycle of internal and external audits for key certifications like ISO 27001, SOC 2, FedRAMP, and PCI-DSS.
You will handle audit preparation, coordinate with auditors, and meticulously gather all required evidence and documentation.
You will take direct ownership of developing, maintaining, and communicating our Information Security Management System (ISMS) documentation and policies.
You will ensure compliance is not an afterthought by actively reviewing operational controls and participating in IT change management. You will work directly with technical teams to integrate compliance requirements into their workflows and CI/CD pipelines.
While compliance is the focus, you will leverage your security engineering knowledge to provide valuable insights. You will personally guide the secure design of systems and translate vulnerability findings into actionable, risk-based remediation plans that align with our compliance framework.
Qualifications:
4+ years of combined experience in IT Audit, IT Compliance, or a related Security Engineering role with a strong compliance focus. You are a seasoned professional with deep knowledge of industry-leading security principles and frameworks.
Hands-on experience managing audits for multiple standards, particularly ISO 27001, SOC 2, or FedRAMP. You are an expert in independently gathering evidence and presenting a compelling case for certification.
Ability to perform both analytical, compliance-focused work and technical, hands-on tasks when needed. Your exceptional analytical, documentation, and organizational skills allow you to manage complex projects with meticulous detail.
Excellent communicator with a proven ability to convey complex technical and compliance issues to a wide range of audiences. You excel at collaborating with cross-functional teams to drive process maturity and operational efficiency, serving as a subject matter expert and trusted advisor.
You are familiar with cloud environments (e.g., AWS, Azure, GCP) and understand the role of DevOps tools (e.g., GitLab, Jenkins) in a modern security and compliance program. You are comfortable thriving in a fast-paced, evolving global environment.
Company Benefits and Perks:
We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Our Commitment to You:
At Skyhigh Security, we are committed to creating a safe and trustworthy experience for our customers, employees, and candidates. Please be aware that fraudulent recruiting activity can occur through fake job postings or impersonated communications.
Skyhigh Security conducts interviews through professional channels only and does not use text messages, instant messaging, or group chats for interviews. We will never request sensitive personal information—such as your date of birth, Social Security number, or national ID number—during the interview process.
Skyhigh Security also does not require candidates to pay fees, purchase products or services, or process payments of any kind as part of the recruiting or hiring process. And Skyhigh Security will never keep any original work authorization documents that we may be required to review during the hiring process.