Compliance Engineer (Remote)

DataBank Holdings Ltd. is a leading provider of enterprise-class data center, cloud, and interconnection services, offering customers 100% uptime availability of data, applications, and infrastructure. DataBank's managed data center services are anchored in world-class facilities. Our customized technology solutions are designed to help customers effectively manage risk, improve technology performance, and allow focus on core business objectives. DataBank is headquartered in the historic former Federal Reserve Bank Building, in downtown Dallas, TX.

DataBank is proud to be an Equal Opportunity Employer. Our work culture at DataBank does not discriminate based on actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veterans' status, gender, gender identity, gender expression, genetic information, sexual orientation, or any other characteristic protected by applicable federal, state, or local law.

The Compliance Engineer (CE), with supervision, has a primary function of assisting the Director of Compliance in the development, implementation, and maintenance of systems and data security policies for all DataBank and customer managed IT services. The CE will work with DataBank internal business areas and customers to ensure that the defined boundary environments are in compliance with directed, relevant state, federal, and industry information security practices and regulations. The CE works closely with the Director of Compliance to develop and maintain policies for information security including data classification and handling, systems and data access, acceptable use, network access, user account life cycle management and authentication, incident handling, breach response protocols and others as directed. This person acts as a channel of communication to receive and review continuous monitoring reporting for FedRAMP systems, receive and direct compliance questions and issues to appropriate resources within the organization for investigation and appropriate resolution and work with the Sales and Marketing teams to convey DataBank compliance options to potential new customers. The CE reports to the Director of Compliance.

Responsibilities

• Works with the Director of Compliance to assist in the development, implementation, auditing / continuous monitoring and enforcement of security and compliance policies and procedures.
• Prevents compliance issues through proactive efforts of relationship development, research and continuous monitoring.
• Relationship Development with various internal DataBank teams.
• Work in concert with the sales engineering planning and design teams to review proposed customer architecture; identifying and resolving compliance violations prior to product delivery; identifying short-term and long-range issues.
• Continuous Monitoring for FedRAMP, SSAE, PCI-DSS, HIPAA and other compliance frameworks.
• Works to perform pro-active security scans and / or reviews of systems, networks and applications for vulnerabilities.
• Reviews scan results with appropriate parties to suggest and / or assist with remedial action. Document known issues in the POA&M or through customer ticketing.
• Contributes to the preparation of studies and reports containing findings and recommendations for the implementation of systems, security and application software.
• Research : Researching and identifying applicable regulatory and industry compliance standards, producing research papers on emerging compliance trends and requirements.
• Suggests changes and enhancements to server and network configurations and data handling and storage procedures to improve security and reduce the risk of sensitive data assets being mishandled, exposed, and / or exploited. This includes potential violations of State, Federal, and industry regulations and polices such as FedRAMP, FISMA, HIPAA / HITECH, Sarbanes-Oxley, Gramm Leach Bliley, PCI-DSS, ISO 27001 and SSAE.
• Works with the Human Resources Department and others as appropriate to develop and manage an effective Security Awareness and compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers.
• Abides by all applicable legal statutes, policies, and procedures to maintain the chain of custody for any materials or data that may be used in a court of law.
• Maintains integrity and appropriate confidentiality in all institutional and program operations.
• Knowledge of regulatory and compliance processes.
• Familiarity with State, Federal, and industry regulations, policies and processes such as (but not limited to) FedRAMP, FISMA, HIPAA / HITECH, Sarbanes-Oxley, Gramm Leach Bliley, SSAE, ISO 27001 and PCI-DSS.
• Strong writing skills with focus on ability to write business, policy and procedural documentation.
• Strong customer service skills.
• Ability to learn quickly, adapt to customer needs and use existing online resources.
• Ability to communicate organizational security policies, standards, and guidelines to internal co-workers, existing and potential customers in a clear, knowledgeable and concise manner.
• Continually grows in technical knowledge and understanding of cyber security threats and trends.
• Reports operational status of enterprise / departmental applications and enterprise network infrastructure to the CISO.
• Provides documented security information to internal organization departments.
• Entry level technical understanding of current cyber security threats, trends, and mitigations such as malware variants and mitigation techniques.
• Able to work with little supervision or with a team, take direction and effectively execute, work to ensure customer SLA's and expectations are met.
• Ability to work as a self-starter in a remote setting.
• Prior experience in security or IT environment a plus.
• Performs related duties, as required and assigned.
• Other duties as directed.

Qualifications

Benefits