Security Assurance Engineer

We are looking for a Security Assurance Engineer to join our team, owning the policies, risk programs, and audit processes that keep our products secure and our customers confident. You will work directly with Engineering, Legal, HR, and IT to translate complex regulatory requirements into practical guidance teams can act on.

What You'll Do

Policy & Standards

• Own the security and privacy policy library: drafting, updating, and rationalizing policies across ISO 27001, SOC 2, HIPAA, and GDPR requirements
• Translate regulatory requirements into practical, enforceable controls that engineering and operations teams can actually implement
• Maintain alignment between the ISMS (ISO 27001) and QMS (ISO 13485) documentation to reduce duplication and audit burden

Risk Management

• Conduct and maintain risk assessments across the enterprise, including vendor/third-party risk, product risk, and operational risk
• Own the risk register and work with risk owners to track treatment plans and exceptions
• Perform security assessments for new tools, AI systems, and vendors before adoption

Compliance & Audit

• Coordinate evidence collection and remediation for SOC 2 Type II, ISO 27001, and customer audits
• Respond to customer security questionnaires (MDS2, SIG, CAIQ, custom) efficiently and accurately
• Track regulatory changes (EU AI Act, state privacy laws, FDA guidance) and assess their business impact

Cross-Functional Collaboration

• Partner with Engineering on secure development practices, threat modeling, and SDLC compliance
• Support HR and IT on security awareness, onboarding/offboarding, and acceptable use policies
• Work with Legal on DPAs, contract security terms, and incident notification requirements