Your opportunity
At New Relic, we provide our customers real-time insights, so they can innovate faster. The Cloud Platform group within New Relic provides an enterprise-grade, cloud-agnostic platform and a developer platform that is composable, extensible, secure, scalable and reliable.
What you’ll do
- Develop, implement and own a comprehensive compliance strategy across our platform, ensuring adherence to industry standards, regulations, and best practices.
- Lead the design and implementation of a robust security framework, including systems, architecture, and policies, to protect sensitive data.
- Collaborate with cross-functional teams, including engineering, security, legal and compliance, to ensure compliance requirements are understood and integrated into the software development lifecycle.
- Conduct regular compliance risk assessments and audits to identify gaps and develop action plans to address areas of concern.
- Serve as the engineering point of contact for internal and external auditors, providing necessary documentation and participating in compliance reviews.
- Serve as a trusted advisor on compliance-related matters to internal stakeholders and teams.
- Stay up-to-date with changes in regulatory requirements, industry standards, and emerging technologies to continually enhance our compliance framework.
- Provide guidance and training to engineering teams on secure coding practices and integrating compliance controls into the development process.
This role requires
- Bachelor’s or Master’s degree in Computer Science, Software Engineering, or a related field.
- 12 years as a software engineer primarily specializing in compliance architecture or a similar role.
- In-depth knowledge of regulatory compliance frameworks, such as SOC 2, HIPAA, GDPR, FedRamp or ISO 27001.
- Excellent understanding of DevSecOps practices and integrating security and compliance throughout the software development lifecycle.
- Proven track record of designing and implementing compliance strategies in a SaaS or cloud-based company.
- Proficiency in secure coding practices and experience coding in Java and/or Golang.
- Experience with security and compliance tools, frameworks, and technologies.
- Experience with cloud-based environments (AWS, Azure or GCP).
- Excellent problem-solving skills and ability to analyze complex compliance requirements and how to implement them.
- Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams.
- Domestic US and international travel (EMEA, APAC) up to 1 week per quarter.
- Availability to be on-call if needed.
Bonus points if you have
- Relevant certifications in compliance or security (e.g. CISSP, CISA)
- Understanding of risk management principles and the ability to assess and mitigate compliance risks.
- Familiarity with vulnerability assessment and penetration testing methodologies.
- Experience implementing identity and access management solutions for user authentication and authorization.
- Knowledge of data governance frameworks and practices, including data classification and handling.
Go Google Cloud Platform (GCP) Java Amazon Web Services (AWS) Principal Software Engineer Azure devsecops Certified Information Systems Security Professional (CISSP)