Compliance Engineer

PL, Warsaw, 1 Rondo Daszyńskiego, 00-843

Summary

Andersen is hiring a Compliance Engineer for a project developing AI-driven digital solutions, intelligent automation, and next-generation technology platforms.

Andersen is a pre-IPO software development company providing a full cycle of services. For over 19 years, we have been helping enterprises and middle-sized firms worldwide transform their businesses by creating effective digital solutions using innovative technologies. Our expertise covers FinTech, Healthcare, Retail, Telecom, Media & Entertainment, Logistics, Travel & Hospitality, eCommerce, and other industries.

The project is focused on establishing and enhancing governance, risk, and compliance processes within a regulated enterprise environment. It includes implementing security and risk management frameworks, supporting audit and certification readiness, and improving organizational compliance through effective controls, policies, and risk management practices.

Responsibilities

  • Designing, implementing and improving governance, risk and compliance frameworks.
  • Building and operationalizing enterprise risk management frameworks based on ISO 31000.
  • Designing and implementing ISMS aligned with ISO 27001.
  • Conducting gap assessments and risk assessments.
  • Identifying, classifying and tracking organizational risks.
  • Creating risk registers and remediation roadmaps.
  • Developing security policies, standards, procedures and control documentation.
  • Conducting compliance audits against NIST CSF, SCA, local regulations and other frameworks.
  • Preparing audit evidence and maintaining compliance traceability.
  • Supporting internal audits and external certification readiness.
  • Managing compliance findings through remediation plans / CAPA.
  • Building risk metrics, dashboards and reporting for stakeholders.
  • Collaborating with cross-functional teams: engineering, HR, procurement, executive leadership.
  • Supporting vendor risk, access governance and personal data protection initiatives.
  • Embedding security and compliance practices into day-to-day delivery workflows.
  • Supporting adoption of compliance automation solutions.

Requirements

  • Experience in Compliance, GRC, Risk Management or Information Security for 4+ years.
  • Strong experience with ISO 27001 implementation and ISMS development.
  • Experience with enterprise risk management frameworks, especially ISO 31000.
  • Hands-on experience with NIST CSF.
  • Experience conducting risk assessments and compliance gap assessments.
  • Experience creating and maintaining risk registers.
  • Experience developing remediation roadmaps and tracking compliance gaps.
  • Experience preparing audit evidence and supporting certification readiness.
  • Experience creating policies, procedures, standards and compliance documentation.
  • Strong stakeholder management and cross-functional collaboration skills.
  • Experience working in enterprise / regulated environments.
  • Knowledge of security controls, IT risk and governance practices.
  • Experience with Jira, Confluence, Excel and PowerPoint.
  • Level of English – from Upper-Intermediate and above.

Desired skills

  • Experience with HITRUST.
  • Experience with PCI-DSS.
  • Experience with OWASP SAMM.
  • Experience with Nessus and vulnerability management processes.
  • Experience with Strong Customer Authentication compliance.
  • Experience in enterprise banking domain.
  • Experience with compliance automation or estimation tools.
  • AWS Certified Cloud Practitioner certification.
  • Experience with MS Visio.
  • Experience supporting external audits and first-time ISO 27001 certification.
  • CISA certification.
  • CISM certification.

Reasons to join us

  • Andersen cooperates with companies such as Siemens, Johnson & Johnson, AstraZeneca, BNP Paribas, Allianz, Ryanair, TUI, Verivox, Media Markt, etc.
  • For the past four years, our company has been growing annually by 60–100%, and we constantly involve top-notch specialists in our team.
  • Andersen has mentoring and adaptation systems for new employees, and transparent performance review and assessment systems will allow you to determine your development path and plan your growth.
  • The most important thing that we value in our employees is a commitment to continuous learning. The company supports them in this and gives them access to the best educational platforms, seminars, and practices. In addition, for over 19 years, Andersen has assembled a huge knowledge base and established a robust resource management institution.
  • We have been strengthening our expertise since 2007. During this time, we have formed excellent teams with streamlined processes, where you can learn something new from your colleagues every day and enjoy your work.
  • We are a cool young team of like-minded people communicating informally.
  • You'll have a stable and competitive salary and an extensive benefits package.
  • At Andersen, we have many different ways to grow. You can improve as a specialist or a manager, and all your activities will be decently rewarded.

Join us!

Locations

Worldwide


We process personal data in accordance with GDPR
