Information Security & Compliance Engineer

Boston, Massachusetts

 

Shorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top-ranked, nonprofit American universities to build innovative programs and high-touch, technology-driven services that help talented students thrive and become global citizens.

 

The Information Security & Compliance Engineer ensures that Shorelight’s services, applications, and systems comply with current cybersecurity standards and regulatory requirements and are secured against the latest threats. This role develops and implements security compliance programs and policies, conducts regular audits and assessments, creates metrics to demonstrate the organization's compliance posture, and collaborates with cross-functional teams to mitigate risks.

 

The ideal candidate is a problem solver with outstanding oral and written communication skills and a proven ability to articulate security risks at all organizational levels to both technical and non-technical individuals.  He/She/They are an energetic team player who thrives in a fast-paced, high-tech environment and possesses exceptional customer service skills. The ability to adjust quickly to shifting priorities, make informed decisions with limited information, and exercise good judgment in escalating risks and concerns to leadership is essential. The Information Security & Compliance Engineer will influence and motivate participants in cross-team projects to engage in security and compliance initiatives, making the ability to build partnerships and collaborate with key stakeholders critical.

 

·       Develop, implement, and maintain cybersecurity compliance policies, standards, and procedures

·       Monitor and ensure compliance with relevant cybersecurity regulations and industry standards (e.g., GDPR, ISO 27001, NIST)

·       Conduct regular security risk assessments and audits to identify and remediate compliance gaps

·       Coordinate with internal teams and external auditors during compliance audits and assessments

·       Maintain documentation related to compliance activities, including reports, policies, and procedures

·       Provide guidance and training to staff on compliance requirements and best practices

·       Stay updated on the latest cybersecurity laws, regulations, and industry trends to ensure organizational compliance

·       Collaborate with Technical Operations & other internal teams to integrate compliance requirements into systems and processes

·       Develop metrics and reports to demonstrate compliance status to leadership and stakeholders

 

·       Identify and assess cybersecurity risks, developing strategies to mitigate them

·       Establish and manage a cybersecurity governance framework aligned with business objectives

·       Collaborate with senior management to align security compliance strategies with organizational goals

·       Participate in the development of business continuity and disaster recovery plans

·       Oversee data security and data governance initiatives to protect sensitive information

·       Conduct risk evaluations for new processes, products, vendors, and services

 

·       Working collaboratively with our Cloud Engineer, develop and maintain cloud security controls and best practices

·       Work closely with Engineering and Operations teams on secure-by-design coding practices, penetration testing, vulnerability scanning and assessment, and remediation

·       Set up and maintain tools and sensors to detect various attacks and exploitation techniques targeted towards cloud platforms and applications running within them

·       Develop, facilitate, and distribute security training modules and corresponding security materials

·       Security incident response

 

·       Maintain Docker container and Kubernetes security, including pod-security and network security policies

·       Support the DevOps and Engineering teams in developing infrastructure-as-code using Terraform, CloudFormation, CI/CD, GitHub, etc.

·       Manage security across various Amazon Web Services (AWS) tools/products such as, VPCs, Flowlog, CloudTrail, S3, Route53, Elb, CloudFront, and WAF

·       Partner closely with Engineering and Product teams to suggest improvements that increase application security

 

·       7+ years of experience in cybersecurity compliance, information security, or related fields

·       Bachelor's degree or equivalent experience in Information Security, Computer Science, or a related field

·       Professional certifications such as CISSP, CISA, or CISM

·       Experience managing security vendors and managed-services providers

·       Strong understanding of cybersecurity regulations and industry standards (e.g., GDPR, ISO 27001, NIST)

·       Familiarity with Cybersecurity, Risk Assessment, Network Security, Identity and Access Management (IAM), Data Security, and Data Governance

·       Excellent understanding of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS)

·       Ability to occasionally provide weekend and after-hours support

 

·       Degree in Information Security, Cybersecurity, or a related field desired

·       Strong technical background and skillset

·       Strong background in cybersecurity governance and risk management

·       Additional certifications such as CRISC, CGEIT, or SANS GIAC

·       Experience with cloud security compliance frameworks (e.g., AWS, Azure)

·       Familiarity with OWASP, static/dynamic analysis, and common exploit tools and methods

·       Prior experience managing and growing a team in a compliance-focused role

 

To apply for this position, please visit the Shorelight Careers page to submit an application with a resume and cover letter.

 

Background Check Required—Education, Criminal, Identity

 

Shorelight is an Equal Opportunity Employer