MathWorks

Senior Security Assurance Engineer - Control Framework

🇺🇸 Natick, MA 🕑 Full-Time 💰 $118K - $184K 💻 Software Engineering 🗓️ March 31st, 2026
COBIT ISO 27001 ITIL

Edtech.com's Summary

MathWorks is hiring a Senior Security Assurance Engineer - Control Framework. The role involves leading security governance by designing, implementing, and enhancing security controls and procedures, conducting audits, and driving compliance to improve the security of products and infrastructure.

Highlights
  • Establish and review information security policies and controls ensuring alignment with NIST, CMMC, COBIT, and ISO 27001.
  • Develop and maintain internal security procedures in collaboration with cross-functional teams.
  • Drive implementation and verification of security controls through quality checks and audits.
  • Perform compliance monitoring through audits, identify gaps, and ensure remediation actions are taken and sustained.
  • Required knowledge of security frameworks such as SOC 2, COBIT, ITIL, NIST 800-171, NIST 800-53, ISO 27001/2, and NIST SSDF.
  • Minimum qualifications include a bachelor's degree with 6 years of experience or equivalent advanced degree experience.
  • Experience with software development processes and security controls implementation.
  • Skilled in conducting internal process audits and driving process improvements.
  • Strong communication skills, including writing, presentations, and group facilitation.
  • Proven teamwork abilities collaborating across departments and roles.
  • Salary range $118,400 to $183,600.

Senior Security Assurance Engineer - Control Framework Full Description

Job Summary

Are you passionate about leading security governance and driving change management initiatives?

Do you thrive on the challenge of designing, implementing, and enhancing security controls and procedures?

If guiding organizations through transformative security improvements excites you, we want to hear from you!

We are looking for a proactive, dynamic, and collaborative team member to drive industry alignment of our internal security controls and champion compliance through proactive audits, rigorous quality checks, and actionable solutions that improve the security of our products and infrastructure.

Responsibilities

Policy and Control Development:
  • Establish quality criteria and review processes for information security policy and control development, ensuring consistency, clarity, and auditability before formal approval.
  • Review and validate internal security policies and IT General Controls (ITGCs) against quality criteria to ensure they are complete, accurate, traceable, and aligned with NIST, CMMC, COBIT, and ISO 27001 requirements.
Procedure Development:
  • Partner cross-functionally to drive development and maintenance of internal standards and procedures that support an effective and efficient system of internal controls.
  • Evaluate whether documented procedures accurately reflect approved security policies and meet required quality standards.
  • Verify that procedures are complete, actionable, and aligned with compliance frameworks, and provide feedback or required revisions to process owners.
Control Implementation:
  • Drive implementation of security controls and processes by engaging with process owners, control operators, and cross-functional stakeholders.
  • Independently assess and verify the correct and consistent implementation of security controls across teams and systems.
  • Conduct quality checks to confirm that implemented controls meet security requirements, are supported by appropriate evidence, and remain effective over time.
Compliance Monitoring:
  • Perform ongoing audits, spot checks, and control tests to assess the effectiveness, reliability, and sustainability of information security controls.
  • Identify deviations, gaps, or process defects and ensure that remediation actions are clearly documented, assigned, completed, and validated.
  • Drive and verify the effectiveness of corrective and preventive actions, ensuring that process improvements are implemented, documented, and sustained.

Minimum Qualifications
  • A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.

Additional Qualifications
  • Experience with software development processes.
  • Hands-on experience with definition and implementation of department / organizational security controls.
  • Experience with performing internal process audits and process improvement work.
  • Experience with / understanding of SOC 2, COBIT, ITIL, ISO, IT General Controls (ITGC), NIST 800-171, NIST 800-53, ISO 27001/2, NIST SSDF, and/or other industry-standard control frameworks to document and assess cybersecurity compliance.
  • Exceptional communication skills including clear and concise writing, an engaging presentation style, and group facilitation.
  • Strong teamwork skills with a demonstrated ability to collaborate across teams and roles.