Job Details

ID #53435464
State Massachusetts
City Woburn
Job type Full-time
Salary USD TBD TBD
Source Sirtex
Showed 2025-02-11
Date 2025-02-11
Deadline 2025-04-12
Category Etcetera

Security and Compliance Engineer

Massachusetts, Woburn, 01801 Woburn USA

We are seeking a detail-oriented and analytical Security and Compliance Engineer to join our team in Woburn, United States. In this role, you will be responsible for developing, implementing, and maintaining our organization's security and compliance programs to protect our information assets and ensure adherence to regulatory requirements.

Key Responsibilities:

Compliance Management:
Monitor and enforce compliance with security standards, policies, and regulations such as GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, and others.
Conduct regular audits to ensure adherence to security best practices and regulatory frameworks.
Assist in preparing for external audits, ensuring necessary documentation and evidence are in place.

Risk Assessment:
Assess and evaluate potential security risks in systems, applications, and processes.
Conduct vulnerability assessments, risk assessments, and gap analyses to identify areas of non-compliance or weaknesses.
Recommend corrective actions or enhancements to improve security and compliance posture within the Sirtex landscape.

Security Framework Implementation:
Develop, implement, and maintain security policies and procedures aligned with industry standards and regulatory requirements.
Ensure proper implementation of controls (e.g., encryption, authentication) to meet compliance requirements.

Collaboration:
Work with the Director of IT and operations, along with legal and other relevant teams, to ensure compliance with internal and external security standards.
Provide guidance on security best practices for internal projects, system deployments, and new product launches.

Documentation & Reporting:
Maintain accurate documentation of compliance activities, audits, risk assessments, and findings.
Prepare reports and presentations for senior management, highlighting compliance status, risk assessments, and recommendations.

Incident Response:
Participate in incident response activities related to security breaches, ensuring timely reporting and corrective actions in line with regulatory requirements.
Assist in maintaining and testing disaster recovery and business continuity plans.

Training & Awareness:
Conduct regular training sessions for employees regarding security policies, compliance requirements, and best practices.
Promote awareness of security issues within the organization and ensure compliance with security practices.
