We are looking for a Security Assurance Engineer to join our team, owning the policies, risk programs, and audit processes that keep our products secure and our customers confident. You will work directly with Engineering, Legal, HR, and IT to translate complex regulatory requirements into practical guidance teams can act on.
What You''ll Do
Policy & Standards
Own the security and privacy policy library: drafting, updating, and rationalizing policies across ISO 27001, SOC 2, HIPAA, and GDPR requirements
Translate regulatory requirements into practical, enforceable controls that engineering and operations teams can actually implement
Maintain alignment between the ISMS (ISO 27001) and QMS (ISO 13485) documentation to reduce duplication and audit burden
Risk Management
Conduct and maintain risk assessments across the enterprise, including vendor/third-party risk, product risk, and operational risk
Own the risk register and work with risk owners to track treatment plans and exceptions
Perform security assessments for new tools, AI systems, and vendors before adoption
Compliance & Audit
Coordinate evidence collection and remediation for SOC 2 Type II, ISO 27001, and customer audits
Respond to customer security questionnaires (MDS2, SIG, CAIQ, custom) efficiently and accurately
Track regulatory changes (EU AI Act, state privacy laws, FDA guidance) and assess their business impact
Cross-Functional Collaboration
Partner with Engineering on secure development practices, threat modeling, and SDLC compliance
Support HR and IT on security awareness, onboarding/offboarding, and acceptable use policies
Work with Legal on DPAs, contract security terms, and incident notification requirements