Senior Compliance Engineer

5-10 Years • Software Development & Engineering

Job Summary

Job Description

This role involves ensuring the secure design, development, and operation of Skyhigh's products and services. The Senior Compliance Engineer will lead the corporate compliance program, managing internal and external audits for certifications like ISO 27001, SOC 2, FedRAMP, and PCI-DSS. Responsibilities include audit preparation, evidence gathering, and maintaining the Information Security Management System (ISMS). The engineer will integrate compliance into IT change management and CI/CD pipelines, leveraging security engineering knowledge to guide secure system design and translate vulnerability findings into actionable remediation plans.
Must have:
  • Manage full lifecycle of internal and external audits (ISO 27001, SOC 2, FedRAMP, PCI-DSS).
  • Prepare for audits, coordinate with auditors, and gather evidence.
  • Develop and maintain Information Security Management System (ISMS) documentation and policies.
  • Review operational controls and participate in IT change management.
  • Integrate compliance requirements into technical workflows and CI/CD pipelines.
  • Guide secure system design and translate vulnerability findings into remediation plans.
  • Possess 5-10 years experience in IT Audit, IT Compliance, or Security Engineering.
  • Demonstrate hands-on experience managing audits for ISO 27001, SOC 2, or FedRAMP.
  • Familiarity with cloud environments (AWS, Azure, GCP) and DevOps tools (GitLab, Jenkins).
Perks:
  • Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement

Job Details

About Skyhigh Security:

Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency.

Since 2011, organizations have trusted us to provide them with a complete, market-leading security platform built on a modern cloud stack. Our industry-leading suite of products radically simplifies data security through easy-to-use, cloud-based, Zero Trust solutions that are managed in a single dashboard, powered by hundreds of employees across the world. With offices in Santa Clara, Aylesbury, Paderborn, Bengaluru, Sydney, Tokyo and more, our employees are the heart and soul of our company.

Skyhigh Security is more than a company; here, when you invest your career with us, we commit to investing in you. We embrace a hybrid work model, creating the flexibility and freedom you need from your work environment to reach your potential. From our employee recognition program, to our ‘Blast Talks’ learning series, and team celebrations (we love to have fun!), we strive to be an interactive and engaging place where you can be your authentic self.

We are on these too! Follow us on LinkedIn and Twitter @SkyhighSecurity.

Role Overview:

You will be responsible for secure design, development and operation of Skyhigh's products and services. Responsibilities may include threat assessment, design of security components, and vulnerability assessment. Ensures products conform to standards and specifications. Develops plans and cost estimates and assesses projects to analyze risks. Responds to customer/client requests or events as they occur. Develops solutions to problems utilizing formal education, judgment and formal process. Maintains substantial knowledge of state-of-the-art security principles, theories and attacks, and contributes to literature and conferences. Requires thorough knowledge of security practices, procedures and capabilities in order to perform non-repetitive, analytical work.

About the Role:

  • You will serve as a critical member of the team who expertly blends technical security knowledge with strategic compliance management.
  • You will be the primary driver of our corporate compliance program. This involves independently managing the full lifecycle of internal and external audits for key certifications like ISO 27001, SOC 2, FedRAMP, and PCI-DSS.
  • You will handle audit preparation, coordinate with auditors, and meticulously gather all required evidence and documentation.
  • You will take direct ownership of developing, maintaining, and communicating our Information Security Management System (ISMS) documentation and policies.
  • You will ensure compliance is not an afterthought by actively reviewing operational controls and participating in IT change management. You will work directly with technical teams to integrate compliance requirements into their workflows and CI/CD pipelines.
  • While compliance is the focus, you will leverage your security engineering knowledge to provide valuable insights. You will personally guide the secure design of systems and translate vulnerability findings into actionable, risk-based remediation plans that align with our compliance framework.

Qualifications:

  • 5-10 years of combined experience in IT Audit, IT Compliance, or a related Security Engineering role with a strong compliance focus. You are a seasoned professional with deep knowledge of industry-leading security principles and frameworks.
  • Hands-on experience managing audits for multiple standards, particularly ISO 27001, SOC 2, or FedRAMP. You are an expert in independently gathering evidence and presenting a compelling case for certification.
  • Ability to perform both analytical, compliance-focused work and technical, hands-on tasks when needed. Your exceptional analytical, documentation, and organizational skills allow you to manage complex projects with meticulous detail.
  • Excellent communicator with a proven ability to convey complex technical and compliance issues to a wide range of audiences. You excel at collaborating with cross-functional teams to drive process maturity and operational efficiency, serving as a subject matter expert and trusted advisor.
  • Familiar with cloud environments (e.g., AWS, Azure, GCP) and understand the role of DevOps tools (e.g., GitLab, Jenkins) in a modern security and compliance program. You are comfortable thriving in a fast-paced, evolving global environment.

Company Benefits and Perks:

We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

  • Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement

We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.


About The Company

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 53,000 business and government customers. More at https://trellix.com.
