Compliance Engineer
Employment Type : Full-Time
DataBank is a leading service provider of enterprise-class services aimed at providing 100% uptime and availability of customer data, applications, and equipment. DataBank's managed data center services are built around its world-class facilities, multi-homed Internet access hub, and multi-terabyte storage area network. We provide a redundant managed colocation environment for companies wishing to outsource their entire computer room infrastructure. This environment consists of space, power and network transport services.
The Compliance Engineer (CE), with supervision, has a primary function of assisting the CISO in the development, implementation, and maintenance of systems and data security policies for all DataBank and customer managed IT services. The CE will work with DataBank internal business areas and customers to ensure that the defined boundary environments are in compliance with directed, relevant state, federal, and industry information security practices and regulations. The CE works closely with the CISO to develop and maintain policies for information security including data classification and handling, systems and data access, acceptable use, network access, user account life cycle management and authentication, incident handling, breach response protocols and others as directed. The CE acts as a channel of communication to receive and review continuous monitoring reporting for FedRAMP systems, receives and directs compliance questions and issues to appropriate resources within the organization for investigation and appropriate resolution, and works with the Sales and Marketing teams to convey DataBank compliance options to potential new customers. The CE reports to the CISO.
Responsibilities
- Works with the CISO to assist in the development, implementation, auditing/continuous monitoring and enforcement of security and compliance policies and procedures.
- Prevents compliance issues through proactive efforts of relationship development, research and continuous monitoring.
- Relationship Development:
- Works in concert with the sales engineering planning and design teams to review proposed customer architecture, identifying and resolving compliance violations prior to product delivery and identifying short-term and long-range issues.
- Continuous Monitoring:
- Works with security engineers to perform pro-active security scans and/or reviews of systems, networks and applications for vulnerabilities.
- Reviews scan results with appropriate parties to suggest and/or assist with remedial action. Document known issues in the POA&M or through customer ticketing.
- Contributes to the preparation of studies and reports containing findings and recommendations for the implementation of systems, security and application software.
- Research: Researching and identifying applicable regulatory and industry compliance standards, producing research papers on emerging compliance trends and requirements.
- Suggests changes and enhancements to server and network configurations and data handling and storage procedures to improve security and reduce the risk of sensitive University data assets being mishandled, exposed, and/or exploited. This includes potential violations of State, Federal, and industry regulations and policies such as FERPA, FedRAMP, HIPAA/HITECH, Sarbanes-Oxley, Gramm Leach Bliley, and PCI-DSS.
- Works with the Human Resources Department and others as appropriate to develop and manage an effective Security Awareness and compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers.
- Department project manager.
- Acts as a liaison to coordinate with external customers performing vulnerability assessments and penetration testing services.
- Abides by all applicable legal statutes, policies, and procedures to maintain the chain of custody for any materials or data that may be used in a court of law.
- Maintains integrity and appropriate confidentiality in all institutional and program operations.
- Other duties as directed.
- Knowledge of regulatory and compliance processes.
- Familiarity with State, Federal, and industry regulations, policies and processes such as (but not limited to) FERPA, FedRAMP, HIPAA/HITECH, Sarbanes-Oxley, Gramm Leach Bliley, CALEA, and PCI-DSS.
- Strong writing skills with focus on ability to write business, policy and procedural documentation.
- Strong customer service skills.
- Ability to learn quickly, adapt to customer needs and use existing online resources.
- Ability to communicate organizational security policies, standards, and guidelines to internal co-workers, existing and potential customers in a clear, knowledgeable and concise manner.
- Continually grows in technical knowledge and understanding of cyber security threats and trends.
- Reports operational status of enterprise/departmental applications and enterprise network infrastructure to the CISO.
- Provides documented security information to internal organization departments.
- Entry level technical understanding of current cyber security threats, trends, and mitigations such as malware variants and mitigation techniques.
- Able to work with supervision or with a team, take direction and effectively execute, work to ensure customer SLAs and expectations are met.
- Prior experience in a security or IT environment is a plus.
- Performs related duties, as required and assigned.
Qualifications
- High School Diploma or equivalent, required.
- Graduation from an accredited university/college with a Bachelor's Degree in business administration, computer science or related field is strongly desirable. Applicants without a degree but who have extensive experience in the related field will also be considered.
- Industry certification(s) in information security, compliance, security analysis, or other fields of expertise that are directly related to the duties and responsibilities of the position are also strongly desirable.
- Three years of professional experience in business compliance administration or security administration.
- Suggested Security and Technical Certifications: Security+, GSEC.
Benefits:
- Health, Vision and Dental Insurance Packages
- Short-Term and Long-Term Disability Insurance
- Life Insurance
- 401k with company match
- 3 weeks Paid Time Off and Paid Holidays
Brand: DataBank
Address: 400 S Akard Street Dallas, TX - 75202