Security Engineer; Compliance
Listed on 2026-06-04
Security Engineer – Compliance
The Security Engineer (Compliance) will be an integral part of our security team, focusing on governance, risk, and compliance (GRC) programs, supporting both internal and external audit requirements.
Responsibilities
- Own, manage, and support the application of key compliance frameworks such as SOC 1 & 2, ISO 27001, CSA STAR, and NIST CSF.
- Develop, control, and maintain organizational policies, procedures, best practices, and guides related to compliance requirements.
- Assist in the design and implementation of an internal audit program to assess process effectiveness, identify improvement opportunities, and detect emerging risks.
- Support the Risk Management Program to embed risk-based decision making, including risk identification, mitigation, monitoring, reporting, and documentation of risk realization/retirement.
- Collaborate with Security Operations (Sec Ops) to ensure security functions meet operational compliance and annual audit standards.
- Ensure technical, operational, and administrative controls are operable and meet SOC 1 & 2 audit requirements.
- Support Quarterly Access Reviews as part of the user access request process.
- 5+ years of proven experience as a System or Information Security Engineer, Compliance Engineer, or Risk Engineer.
- Comprehensive technical knowledge of compliance frameworks and their application across systems and organizations.
- Strong understanding of current security principles, techniques, and protocols.
- Problem‑solving skills and ability to work under pressure.
- Experience with web technologies (web applications, services, SOA) and related protocols.
- Experience with cloud services including Microsoft 365, SharePoint Online, Microsoft Azure, and Amazon Web Services.
- Operational knowledge of security systems such as firewalls, IDS, antivirus, authentication systems, log management, and content control.
- Risk background covering identification, adjudication, mitigation, documentation, communication to leadership, and full risk lifecycle ownership.
Candidate must be able to submit verification of legal right to work in the U.S. without company sponsorship. This position is primarily remote; on‑site travel may be required for onboarding or business events.
Salary Range: $125,000‑$170,000 per year.
BRG is an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, veteran status, ancestry, sexual orientation, marital status, family structure, medical condition, or disability. Vacancies are open to all qualified applicants.