Security and Compliance Engineer

All About Us

Modaxo Traffic Management oversees two business units related to public safety and parking. This business group within Modaxo provides shared services such as IT, HR, and Finance to support effective business operations for these business units.

At Modaxo, we work hard to invest in our people. We embrace transparency and consider integrity our cornerstone. Modaxo strives to foster a humble, curious, and learning environment as we partner together to champion the communities we serve.

We are an Equal Opportunity/Affirmative Action Employer.

Job Summary

Are you ready to play a key role in maintaining and enhancing our security posture while ensuring compliance with global regulatory standards? We are seeking a skilled and knowledgeable Security and Compliance Engineer to join our innovative IT and security team.

As a Security and Compliance Engineer, you'll work closely with the Security Analyst and cross-functional teams to implement, manage, and maintain security controls and technologies, ensuring all practices adhere to legal and regulatory requirements. The Security Analyst will handle auditing and verification, making sure everything is implemented correctly and utilized effectively.

In this hands-on role, you will be responsible for implementing, managing, and maintaining the security, privacy, and compliance programs, systems, and controls of our organization to protect our data and network infrastructure. You'll identify vulnerabilities, implement security measures, respond to security breaches, and serve as the subject matter expert (SME) regarding security, privacy, and compliance controls. The Security Analyst will audit and ensure everything is in place and being used as intended.

What You’ll Do:

• Strategy & Planning: Develop and maintain service desk procedures and documentation, monitor performance metrics, and collaborate with IT management to implement best practices.
• Security Strategy and Governance: Develop and implement comprehensive security strategies and controls aligned with industry standards such as ISO 27001, SOC2, PCI-DSS, CCPA, GDRP based on the NIST Cybersecurity Framework (CSF). Participate in the governance, risk and compliance (GRC) assessments to ensure regulatory compliance in North America and the UK, preparing for PCI, SOC, ISO and CyberEssentials audits.
• Risk Management: Alert management to emerging security trends and threats, formulating and updating security, privacy, and compliance standards and best practices.
• Security Tools Management: Participate in the selection, acquisition, and deployment of security tools and technologies. Oversee the installation, configuration, and maintenance of tools like Rapid7, Security Scorecard, Invicti, Crowdstrike, and Knowbe4.
• Vulnerability Management: Design, implement, and manage vulnerability management systems, including endpoint protection, firewalls, and intrusion detection systems.
• Network Monitoring: Continuously monitor network traffic for unusual activities and potential threats, promptly taking countermeasures.
• Audits and Assessments: Assist the Security Analyst with regular security audits and risk assessments, recommending and implementing necessary enhancements.
• Incident Response: Lead incident response efforts, investigating and mitigating security breaches or incidents.
• Collaboration: Work closely with other departments to establish and enforce security best practices and compliance with regulations, acting as a liaison between IT, legal, and other departments.
• Vendor Coordination: Coordinate with vendors and third-party service providers to secure network and information systems.
• R&D and Engineering Support: Drive security measures and process improvements in R&D and engineering processes, supporting teams with penetration and vulnerability assessment and resolution management. Building out a Secure Software Development Lifecycle Policy.
• SAST and DAST: Manage the implementation and operation of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) across products.
• Documentation: Maintain comprehensive security, privacy, and compliance documentation, including policies, procedures, best practices, guidelines, and key performance indicators (KPIs).

What You Bring to the Role:

Education:

• BA/BS in Computer Science, Computer Information Systems, Management Information Systems, Cybersecurity, or related field.
• Relevant certifications such as CISSP, Security+, CISA, CISM, CEH, CIPP, CIPT are preferred.

Experience:

• 5+ years of professional experience in a similar role or a role involving security/privacy compliance.
• Experience with security, privacy, compliance, and IT audits including GRC implementation and management.
• Experience and knowledge of ISO27001, SOC2, and PCI certification, along with security frameworks and compliance including NIST, GDPR, and CCPA.
• Experience supporting R&D and engineering teams with penetration and vulnerability assessment and resolution management.
• Knowledge and experience with security tools and technologies such as Rapid7, Security Scorecard, Invicti, Crowdstrike, and Knowbe4.
• Proficiency in designing and enforcing security standards, processes, and guidelines.

Work Environment:

This position is fully remote, providing flexibility and promoting work-life balance. This position may involve occasional travel within North America. You may also participate in an on-call roster rotation and should be flexible regarding varied work hours to address outages.