Senior Security Assurance Engineer - Regulatory Compliance

Summary

Math Works has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in‑person time with colleagues and flexible at‑home life optimizations. Learn More:  Join Math Works as a key player in safeguarding our organization’s regulatory compliance and risk posture! In this dynamic role, you’ll translate evolving regulatory requirements into actionable technical solutions for both cloud and on‑premises environments, champion external certification efforts, and lead organizational training initiatives.

You’ll independently assess cybersecurity risks, shape our risk management strategy, and ensure that our compliance program aligns with industry best practices. Your expertise will drive the accuracy and clarity of risk and compliance reporting, help identify systemic gaps, and deliver actionable insights to leadership—making a direct impact on Math Works’ security and regulatory excellence. Math Works nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.

• Stay on top of industry knowledge and changing regulatory landscape to identify impact to Math Works.
• Provide subject matter expertise in translating security, regulatory, and compliance requirements into technical requirements and implementing effective solutions for cloud and on‑premises environments.
• Verify that regulatory changes are correctly interpreted, incorporated into standards, and consistently implemented across relevant processes and teams.
• Drive external certification/attestation efforts to support regulatory compliance.
• Identify organizational training needs for topics involving regulatory compliance and risk management.

• Independently review and validate cybersecurity risk assessments and vulnerability analyses to confirm that methodologies, inputs, and conclusions meet defined security standards.
• Evaluate the changing operating landscape and determine its impacts on organizational risks, obligations and external expectations; recommend changes to risk approach to ensure consistency with current security best practices.
• Assess the quality and completeness of risk identification for cloud‑hosted services and on‑premises environments, and verify that mitigation recommendations are appropriate, actionable, and tracked to closure.
• Develop and implement a risk‑based IT/Information Security/Privacy compliance program to ensure adherence to key regulatory requirements/expectations and industry best practices.

• Define and maintain quality criteria for risk and compliance reporting, including data integrity checks and documentation of assumptions.
• Review and validate risk analysis reports, dashboards, and metrics to ensure accuracy, clarity, and consistency prior to distribution to management and stakeholders.
• Track and analyze recurring issues, audit findings, and defects related to regulatory compliance and risk management to identify systemic gaps, and periodically report insights to management.

• A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.

• Experience with software development processes.
• Practical experience with policy and regulatory mandates such as SOC 1/SOC 2, CSA‑CCM, ISO
  27001/27002/22301/27017/42001, GDPR, CCPA, PCI‑DSS, the NIST Risk Management Framework, and associated standards such as NIST SP(s) 800‑34/800‑53 Revision 5/800‑171, FedRAMP, CMMC 2.0.
• Exceptional communication skills including clear and concise writing, an engaging presentation style, and group facilitation.
• Strong teamwork skills with a demonstrated ability to collaborate across teams and roles.