Shorelight is hiring an

Information Security & Compliance Engineer

Boston, United States
Full-Time
Shorelight — Information Security & Compliance Engineer
Boston, Massachusetts
 
About Us
Shorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top-ranked, nonprofit American universities to build innovative programs and high-touch, technology-driven services that help talented students thrive and become global citizens.
 
Job Overview
The Information Security & Compliance Engineer ensures that Shorelight’s services, applications, and systems comply with current cybersecurity standards and regulatory requirements and are secured against the latest threats. This role develops and implements security compliance programs and policies, conducts regular audits and assessments, creates metrics to demonstrate the organization's compliance posture, and collaborates with cross-functional teams to mitigate risks.
 
The ideal candidate is a problem solver with outstanding oral and written communication skills and a proven ability to articulate security risks at all organizational levels to both technical and non-technical individuals.  He/She/They are an energetic team player who thrives in a fast-paced, high-tech environment and possesses exceptional customer service skills. The ability to adjust quickly to shifting priorities, make informed decisions with limited information, and exercise good judgment in escalating risks and concerns to leadership is essential. The Information Security & Compliance Engineer will influence and motivate participants in cross-team projects to engage in security and compliance initiatives, making the ability to build partnerships and collaborate with key stakeholders critical.
 
Essential Functions
Cybersecurity Compliance Management
·       Develop, implement, and maintain cybersecurity compliance policies, standards, and procedures
·       Monitor and ensure compliance with relevant cybersecurity regulations and industry standards (e.g., GDPR, ISO 27001, NIST)
·       Conduct regular security risk assessments and audits to identify and remediate compliance gaps
·       Coordinate with internal teams and external auditors during compliance audits and assessments
·       Maintain documentation related to compliance activities, including reports, policies, and procedures
·       Provide guidance and training to staff on compliance requirements and best practices
·       Stay updated on the latest cybersecurity laws, regulations, and industry trends to ensure organizational compliance
·       Collaborate with Technical Operations & other internal teams to integrate compliance requirements into systems and processes
·       Develop metrics and reports to demonstrate compliance status to leadership and stakeholders
 
Risk Management and Governance
·       Identify and assess cybersecurity risks, developing strategies to mitigate them
·       Establish and manage a cybersecurity governance framework aligned with business objectives
·       Collaborate with senior management to align security compliance strategies with organizational goals
·       Participate in the development of business continuity and disaster recovery plans
·       Oversee data security and data governance initiatives to protect sensitive information
·       Conduct risk evaluations for new processes, products, vendors, and services
 
Information Security
·       Working collaboratively with our Cloud Engineer, develop and maintain cloud security controls and best practices
·       Work closely with Engineering and Operations teams on secure-by-design coding practices, penetration testing, vulnerability scanning and assessment, and remediation
·       Set up and maintain tools and sensors to detect various attacks and exploitation techniques targeted towards cloud platforms and applications running within them
·       Develop, facilitate, and distribute security training modules and corresponding security materials
·       Security incident response
 
Engineering (Preferred)
·       Maintain Docker container and Kubernetes security, including pod-security and network security policies
·       Support the DevOps and Engineering teams in developing infrastructure-as-code using Terraform, CloudFormation, CI/CD, GitHub, etc.
·       Manage security across various Amazon Web Services (AWS) tools/products such as, VPCs, Flowlog, CloudTrail, S3, Route53, Elb, CloudFront, and WAF
·       Partner closely with Engineering and Product teams to suggest improvements that increase application security
 
Minimum Qualifications
·       7+ years of experience in cybersecurity compliance, information security, or related fields
·       Bachelor's degree or equivalent experience in Information Security, Computer Science, or a related field
·       Professional certifications such as CISSP, CISA, or CISM
·       Experience managing security vendors and managed-services providers
·       Strong understanding of cybersecurity regulations and industry standards (e.g., GDPR, ISO 27001, NIST)
·       Familiarity with Cybersecurity, Risk Assessment, Network Security, Identity and Access Management (IAM), Data Security, and Data Governance
·       Excellent understanding of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS)
·       Ability to occasionally provide weekend and after-hours support
 
Preferred Qualifications
·       Degree in Information Security, Cybersecurity, or a related field desired
·       Strong technical background and skillset
·       Strong background in cybersecurity governance and risk management
·       Additional certifications such as CRISC, CGEIT, or SANS GIAC
·       Experience with cloud security compliance frameworks (e.g., AWS, Azure)
·       Familiarity with OWASP, static/dynamic analysis, and common exploit tools and methods
·       Prior experience managing and growing a team in a compliance-focused role
 
Application Process
To apply for this position, please visit the Shorelight Careers page to submit an application with a resume and cover letter.
 
Background Check Required—Education, Criminal, Identity
 
Shorelight is an Equal Opportunity Employer
Apply for this job

Please mention you found this job on Startup Jobs. It helps us get more startups to hire on our site. Thanks and good luck!

Get hired quicker

Be the first to apply. Receive an email whenever similar jobs are posted.

Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Engineer Q&A's
Report this job
Apply for this job