Security Compliance Engineer III

When you think of InComm Payments, think of Innovative Payments Technology. We were founded over 30 years ago and continue to be a pioneer in the payment (FinTech) industry. Since our inception, we have grown to be a team of over 3,000 employees in 35 countries around the world. We own over 400 global technical patents and a network that includes over 525,000 points of retail distribution that points to our industry expertise.

We are significantly growing our Engineering and IT teams in Brazil and are focused on finding talent for various financial technology (Fintech) engineering, database, development, and testing teams.

InComm Payments is highly focused on our people and their growth, and we work hard to make a career at InComm Payments meaningful and rewarding. We value innovation, quality, passion, integrity and responsibility in all that we do, and we are looking for great people to join our team as we move forward towards a very bright future. We anticipate developing future leaders for our teams in Brazil

Benefits include health and dental insurance, meal and restaurant vouchers, fixed monthly stipend for internet and mobile expenses, InComm hardware/software, and annual bonuses. All positions are CLT.

You can learn more about InComm Payments by visiting our Website or connecting with us on LinkedIn, YouTube, Twitter, Facebook, or Instagram.

Our Security Compliance organization is growing in Brazil. As a Security Compliance Engineer lll, you will be part of the Security & Healthcare Compliance team within the Security organization of InComm Payments. In this position, you will help the team strategically develop ways to monitor and report security and compliance risks with a focus on automation and process optimization. This will be driven by using the various laws, regulations, standards, and frameworks that InComm Payments must adhere to. As InComm Payments is a primarily US based company, there is heavy emphasis on both global industry standards and frameworks, as well as US laws and regulations including, but not limited to: NIST CSF, PCI DSS, PCI SSF, CMS, HIPAA, HITRUST, GLBA, US State Laws (NYDFS, CCPA, etc.), and InComm Policy to name a few. In this position, you will help facilitate InComm Payments' mission to maintain its various third-party attestations (PCI, SOC, HITRUST) as well as help InComm Payments maintain and obtain any new security related certifications, as necessary. You will work with all teams and levels of leadership within the organization to guide InComm Payments in designing and monitoring systems to achieve and maintain compliance. This position requires a highly organized and detail-oriented individual with excellent interpersonal and communication skills.

It is important to note that the Security Compliance Engineer lll role is within the compliance organization that handles both security compliance and healthcare compliance. The compliance team guides the organization on how to be compliant with the above stated obligations. You should have at least a high-level knowledge or be prepared to obtain knowledge about the regulatory obligations stated above. As a technical and security-minded professional, your main focus will be to help assess systems for compliance as well as help our team and others with designing ways to better monitor systems for compliance. You should be security-minded and have a passion for elevating compliance and the organization.

CLT and fully remote position. Must reside in Brazil. Benefits include:

• Health and dental insurance
• Meal and restaurant vouchers
• Fixed monthly stipend for internet and mobile expenses
• Company-issued device (hardware and software)
• Annual bonuses

As a Security Compliance Engineer lll, you will report to the Security & Healthcare Compliance Manager and serve as a senior technical resource within the team, responsible for identifying security and compliance deficiencies across systems and processes. Specific responsibilities include:

• Managing or supporting the maintenance and growth of the continuous monitoring program and helping non-compliance teams with implementing their own compliance monitoring functions.
• Analyzing and interpreting industry standards, regulations and laws as well as industry trends to refine and define the compliance program.
• Developing and documenting automation to help the company implement better controls and monitor the effectiveness of those controls.
• Preparing reporting metrics that capture the compliance posture of the various business units and security and compliance controls within the different environments at InComm Payments.
• Implementing automated evidence collection techniques to assist with external audits and internal monitoring.
• Partnering with security teams, IT teams and the business to identify and analyze security requirements to align with compliance requirements.
• Identifying, investigating, and reporting potential compliance violations and providing guidance on solutions to remediate where necessary.
• Educating and building awareness of compliance requirements and the compliance program as well as security domains and security tools.
• Supporting the organization by creating a security-first mindset to facilitate a secure environment while achieving compliance in parallel.
• Leading or participating in internal reviews to assess projects to validate that the compliance posture remains intact post-change.
• Supporting the team in other activities such as healthcare attestation requests from health plans and annual audit requests for third party audits and assessments.

• Minimum of 5 years of experience in Information Security and/or IT Compliance or related industry.
• Experience in scripting languages and other automation techniques for monitoring program level functions and compliance controls, including evidence gathering and policy-as-code.
• Expert in data collection and analysis techniques.
• Familiarity with systems integration techniques.
• Experience with leading process and program development for large, widespread new functions.
• Experience in performing self-assessments/gap analyses to align with internal and external standards.
• Expert in understanding the security component of compliance requirements and guiding people on how closely related they are.
• Knowledge of applying compliance requirements and methodologies to new and changing system designs and architectures.
• Hands-on moderate to expert experience with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption key management, logging, and application security systems.
• Strong analytical problem-solving skills, very detail oriented and organized approach, excellent communication skills and strong interpersonal skills.
• Strong communication and understanding, both written and verbal in English.
• Strong ability to relay technical concepts in a clear and concise manner.
• Ability to work well in a cross-functional team environment.
• Comfortable interfacing with and gaining the trust of all levels of the workforce.
• Must be a self-starter, flexible, innovative, and adaptive.

• Associate Degree, or Technologo (Technologist) Degree, or higher is required.
• CISA, CISM, CISSP or other equivalent certification preferred, but not required. Career development plan to include certifications upon hire.
• Strong knowledge of technology such as Windows, Linux, Oracle/MSSQL, Azure/AWS, Active Directory, SIEMs, Network Security, and Application Security.
• Strong knowledge and understanding of security best practices (NIST CSF).
• Knowledge and understanding of CMS, HIPAA, HITRUST, PCI, US State Laws (NYDFS, CCPA, etc.). Ability and desire to learn more about these obligations where not as strong. The heaviest areas that the team works in are PCI, HITRUST, HIPAA and CMS; therefore, it is critical to have working knowledge of these and/or be able to learn and apply the concepts of those requirements.

InComm Payments provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, citizenship, veteran's status, age, disability status, genetics or any other category protected by federal, state, or local law.

*This position is eligible for the Employee Referral Bonus Program Tier 4 - #LI-Remote #LI-SO1