Security Engineer (Compliance)

We do Consulting Differently

Second Sight Solutions, a subsidiary of Berkeley Research Group (BRG), is a health technology company, and our innovative technology reimagines how drug discount data is exchanged, establishing new connections and improving transparency for drug manufacturers and their customers. Our customers and partners trust us to deliver reliable, first-to-market solutions and safeguard the data we receive. We trust our employees, and our culture gives them the freedom to create, collaborate, and grow. Our leaders are industry experts, creative, unafraid to challenge the status quo, and the pioneers of market-changing solutions.

We are seeking a motivated Security Engineer (Compliance) to be an integral part of our Security team! The ideal candidate will be passionate about cyber security and possess both deep and wide expertise in the security space, with specific experience in the application and implementation of Governance, Risk, and Compliance (GRC) programs.

Responsibilities:

• Own, manage, and support the application of key compliance frameworks (SOC 1 and 2, ISO 27001, CSA STAR, NIST CSF, etc).

• Develop, control, and maintain applicable organizational policies, procedures, best practices, and guides associated with key compliance requirements and in support of annual audits.

• Assist in the development and implementation of an internal audit program designed to:

  • measure the effectiveness of organizational processes and procedures;

  • assess organizational adherence to those processes and procedures;

  • identify opportunities for organizational and systemic process improvement; and

  • alert the organization about emerging risks to the comprehensive compliance program.

• Support the Risk Management Program with a goal of making risk-based decisions an integrated part of the cultural landscape, including:

  • risk identification;

  • risk mitigation;

  • risk monitoring;

  • risk reporting; and

  • documentation of risk realization and/or retirement.

• Work closely with the Security Operations (SecOps) team to ensure security functions meet operational compliance requirements and will meet/exceed independent annual audit standards.

• Ensure technical, operational, and administrative controls are fully operable and meet standards necessary for SOC 1 and 2 audits.

• Support Quarterly Access Reviews (QARs) as part of the larger User Access Request process.

Qualifications:

• 5+ years of proven work experience as a System or Information Security Engineer, Compliance Engineer, or Risk Engineer.

• Detailed technical knowledge of compliance frameworks and their application across systems and organizations.

• Thorough understanding of the latest security principles, techniques, and protocols.

• Problem solving skills and ability to work under pressure.

• Experience with compliance frameworks (e.g., SOC 1 and 2, ISO 27001, CSA STAR, NIST CSF).

• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and network/web related protocols.

• Experience with cloud services (Microsoft 365, SharePoint Online, Microsoft Azure, and Amazon Web Services).

• Operational understanding of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, and content.

• Ideal candidates will have a strong risk background that includes:

  • risk identification, adjudication, and mitigation development experience;

  • experience working with engineering teams to document, plan, and address identified risk items;

  • documentation and communication of identified risks to organizational leadership (up to and include the Executive Leadership Team or ELT);

  • regular review and maintenance of residual risk items; and

  • ownership of risks and the applicable risk lifecycle through risk identification, adjudication, mitigation/reduction, avoidance, transference, realization, and retirement.

Candidate must be able to submit verification of his/her legal right to work in the U.S., without company sponsorship.

This position is primarily remote; however, on‑site travel will be required for onboarding, team events, or other business‑driven needs.

Salary Range: $125,000-$170,000 per year.

About BRG

BRG combines world-leading academic credentials with world-tested business expertise purpose-built for agility and connectivity, which sets us apart—and gets you ahead.

At BRG, our top-tier professionals include specialist consultants, industry experts, renowned academics, and leading-edge data scientists. Together, they bring a diversity of proven real-world experience to economics, disputes, and investigations; corporate finance; and performance improvement services that address the most complex challenges for organizations across the globe.

Our unique structure nurtures the interdisciplinary relationships that give us the edge, laying the groundwork for more informed insights and more original, incisive thinking from diverse perspectives that, when paired with our global reach and resources, make us uniquely capable to address our clients’ challenges. We get results because we know how to apply our thinking to your world.

At BRG, we don’t just show you what’s possible. We’re built to help you make it happen.

BRG is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.