Who you are

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
• Minimum of years of experience in technical GRC, compliance automation, or security engineering roles
• Knowledge of industry frameworks such as NIST, ISO 27001, COBIT, or CIS Controls
• Understanding of various technologies used meet compliance objectives
• Strong analytical, problem-solving, and documentation skills
• Excellent communication and collaboration skills
• Certifications such as CISA, CISM, CRISC, CISSP, or Security+
• Experience with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust)
• Basic programming or scripting skills (e.g., Python, Bash) and familiarity with APIs
• Working knowledge of AWS and cloud security controls

What the job involves

• We are seeking a technically skilled and proactive Security Compliance Engineer to support and enhance our compliance automation and monitoring capabilities
• This role will serve as the technical subject matter expert and a key contributor within the Trust and Assurance team, focusing on integrating and expanding the capabilities of our GRC platform
• The role will collaborate cross-functionally with product, engineering, and security teams enable continuous control monitoring, establish key risk indicators, and support security assurance objectives
• The ideal will have light programming and scripting skills, familiarity with cloud technologies, and a understanding of compliance frameworks
• Serve as a technical SME for compliance automation and integration efforts
• Design and implement automated workflows for evidence collection and control monitoring
• Expand and optimize the capabilities of the compliance platform through technical configuration and integration
• Develop and maintain dashboards to visualize compliance posture and key risk indicators
• Integrate GRC tools with cloud platforms and internal systems using APIs and scripting
• Collaborate with product, engineering, and security teams to implement technical controls
• Conduct gap analysis and support implementation of new compliance frameworks
• Monitor compliance with internal controls and external regulatory requirements (e.g., ISO 27001, NIST, SOC 2, GDPR, HIPAA)
• Stay current with emerging technologies, regulations, and best practices in compliance automation

Benefits

• Remote-first working model & hybrid options
• We encourage teams to get together in person periodically to help facilitate teamwork
• Flexible start and end times for many roles
• Leadership development program
• Access to LinkedIn Learning
• Global internal coaching program (Coach Match)
• Periodic Sophos wellness days off for all Sophos to help employees relax and recharge
• Global wellbeing program, which offers a range of wellbeing resources, including Sophos Wellbeing Webinars, Stress Management Toolkits, and Developing Resilience Courses
• Free Employee Assistance Program (EAP) for confidential advice and counseling on a wide range of work and personal issues
• Free annual subscription to the Calm app
• Paid parental leave, caregiver leave & bereavement/compassion leave available
• We host some unforgettable social experiences for our global teams including our music festival SOPH-Fest, go-karting, Sophmudder, and incredible holiday parties!
• Our annual global fitness challenge, SOPH-Fit, sees thousands of employees taking part in our virtual global race around the world
• Each quarter, we celebrate our exceptional global team by running the Sophos Values Awards, which recognizes and rewards employees who embody the Sophos values and who we are as a company
• Health care benefits available worldwide