Security and Compliance Engineer

Security is an important part of Clearbit’s mission. We’re serious about protecting our infrastructure, operations, and most importantly, the data our customers’ entrust us with.

As the founding member of Clearbit’s security team, you understand that building user trust is critical to our success. You are passionate about information security risk management, privacy and maintaining customer confidence. You have the focus and organization to build on what we’ve already started and champion the adoption of sound security practices across all of Clearbit’s business and engineering teams. You love learning new legal policy frameworks, building processes to address new regulatory and compliance requirements, and jump at the chance to use your technical knowledge to answer customer questions.

Responsibilities

- Build and maintain a formalized customer inquiries program; including the development of any customer facing documentation and responses regarding Clearbit’s information security, compliance and regulatory programs.

- Manage and respond to all customer information security or compliance inquiries and audits.

- Be available as needed to discuss Clearbit’s security program and practices with existing and potential customers.

- Spearhead and maintain various regulatory and compliance attestation and/or certification programs (including SOC 2).

- Codify and raise awareness of internal security policies and practices
Improve and maintain the following information security program components:
- IT Risk methodology & processes, risk assessments and treatment plans
- Risk & compliance program, documentation, and assessment calendar
- Security Training & Awareness Program
- Vendor risk management
- Collaborate with devops and IT counterparts to improve network and infrastructure security to better secure customer data

- Partner with legal and policy counterparts to create policies and artifacts that support compliance programs

Requirements

- Experience managing customer information security, compliance and regulatory inquiries and audits.

- Experience interacting directly with both enterprise and small business customers.

- Experience implementing, participating in, or conducting security assessments of compliance programs (e.g.: SOC 2, FedRAMP, ISO 27001, HIPAA, etc.).

- Ability to work independently, communicating across multiple time zones
Experience working with cross-functional teams and multiple stakeholders with varying levels of technical aptitude.

- Familiarity with generally-accepted security methods, concepts and techniques.

- Effective communication with great interpersonal and presentation skills, writing well to translate complex issues into simple language that people who are not experts can understand.

Bonus Points

- Bachelor’s degree in computer science or equivalent educational or professional experience and/or qualifications.

- Thorough understanding of underlying AWS infrastructure components and best practices.

- CISA or CISSP

- 2+ years of information security experience

- 2+ years of experience with information technology audits and assessment