Senior Compliance Specialist
Business Unit: Product Lifecycle Management-PLM
Requisition Number: 222806
Primary Location: United States-North Carolina-Charlotte
Assignment Category: Full-time regular
Experience Level: Mid level
Education Required Level: Bachelor's Degree
Travel Required: 10%
Siemens US Talent Acquisition
The senior compliance officer (CO) will work with internal teams &
external auditors to identify gaps in existing security controls while
ensuring alignment to industry standards. Previous experience with
assessment and authorization (A&A) or certification and accreditation
(C&A) processes for a large enterprise will be extremely helpful in
this role; however, the ideal candidate will demonstrate understanding of
security framework commonalities with a deep understanding of tailoring
the security controls. The CO will work internally with teams to
develop documentation while embedding compliance requirements into the
end to end processes. The senior CO will exhibit leadership and show
value as a business enabler for the teams who helps shepherd and embed
compliance into the Siemens PL cloud systems.
In this role, you will build partnerships with the Information
Technology and Operations teams to successfully achieve higher level
GRC (Governance, Risk management & Compliance) related goals and
objectives while maintaining industry compliance activities. This is a
hands-on role where the Compliance Officer must work with a combination
of management, technical, and non-technical staff. The role requires
regular interaction with the Chief Security Officer (CSO) & cloud
services teams across an enterprise structure so previous experience
within a security department where you performed audits, risk scoring,
security controls assessments, or security compliance activities is a
A successful candidate will be a self-starter, have a solid
understanding of security policies, processes, excellent project
management skills, demonstrated an ability to run multiple, large
initiatives simultaneously, and be a superb manager who will achieve
results while maintaining a high velocity of activity across the
security program. The ideal candidate will be experienced with agile
development methodologies and able to drive agile processes throughout
the security teams.
* Drive and support the information security compliance related
activities within the group
* Work with the in country compliance officer to ensure the
regulations, policies, procedures and controls are followed per the
in-country laws for the cloud service offerings.
* Responsible for defining and mapping compliance controls
* Serve as a compliance subject matter expert on FedRAMP, ISO 9001,
SOX, & PCI
* Support modernization activities including the move to cloud-based
* Achieve a robust security compliance program
* Demonstrated ability to work with multiple security compliance
* Define & develop model to best implement controls across teams in a
cloud native environment
* Provides subject matter expertise in security compliance activities
* Develops security compliance reports while performing tracking
* Interprets compliance deficiencies and enables teams to incorporate
the full spectrum of security compliance requirements into their build
* Performs documentation updates and develops security compliance
* Translates security framework requirements into actionable, tailored,
and appropriate compliance requirements for the team
* Communicates statuses and shepherds compliance activities throughout
* Supports the security officer as an advocate of information security,
GRC, and privacy programs across the team
- Presents ongoing status and compliance tracking of Siemens
information security compliance program to the in country compliance
officer, management & Chief Security Office (CSO)
- Provides expert-level analysis of compliance requirements to ensure
that Siemens industry certification programs are continuously improved
- Collaborates closely with other departments to ensure that the
information security compliance requirements are met.
- Maintains compliance documentation to support ISO 27001, SOC and
similar compliance requirements
- Supports automated compliance tools and capabilities
- Report and escalate security weaknesses and issues to management as
- Manages relationships with the IT, Information Security, and other
- Lead organization’s security compliance management programs
- Drives compliance efforts and provides security compliance leadership
- Manages the full spectrum of compliance projects such as: FedRAMP,
ISO 9001, SOC, and others
- Acts as an advocate of information security, GRC, and privacy
programs across the organization.
- Maintains IT security compliance programs in accordance with industry
standards and requirements
- Prepares reports and performance metrics for IT security compliance
to senior management
- Provides expert-level analysis of compliance activities including
alternatives analysis, security design reviews, and implementation
- Collaborate closely with other departments to ensure that the
information security compliance and risk management requirements are
- Ensures that Siemens maintains compliance to industry security
- Provides project management support to ISGRC and other business units
as appropriate in responding to audits and other information requests,
and assists or coordinates the development and oversight of functional
- Ensures that all compliance projects are delivered on-time, within
scope, and within budget.
- Coordinates internal resources and third parties or vendors for the
execution of projects
- Report and escalate project issues to management as needed
- Manages the relationships with the IT, Information Security, and
- Supports in risk management activities to minimize business or
- Develops detailed compliance project plans to track compliance
- Other duties as assigned.
* Define & build the compliance and risk management function within the
Siemens PL cloud services
* Manage, oversee, and guide information security policy projects and
* Lead compliance awareness and training initiatives
* Support compliance officer in achieving industry certifications (e.g.
ISO 9001, SOC, FedRAMP, etc.)
* Lead organization’s security policy efforts and policy related
activities for risk management
* Contribute security best practices to Operations strategy planning,
design, implementation, and maintenance activities.
* Ensure the production environment is operating in accordance with
established security procedures and best practices.
* Manages senior policy consultants or other policy analysts where
* Manages and aligns security policies to industry standards
* Acts as an advocate of information security, GRC, and privacy
programs across the organization.
* Maintains security policy program in accordance with industry
standards and requirements.
* Prepares reports and performance metrics on security policy for
* Provides expert-level analysis of policy activities including: policy
impacts on IT systems; procedural integration and alignment to policy;
alternatives analysis; and policy rollout or implementation plans.
* Writes, edits, and maintains information security policies,
procedures, standards, and guidelines.
* Develops, manages, and maintains enterprise wide phishing campaigns
to test security awareness and training.
* Develops, manages, and maintains enterprise wide security awareness
and training programs.
* Performs contract reviews of data security addendums, vendor
responses, and works to ensure alignment to Siemens PL policies.
* Collaborate closely with other departments to ensure that the
information security policy, compliance, and risk management
requirements are met.
* Ensures that Siemens PL Cloud Services maintain compliance to
generally accepted security practices which are reinforced through
sound security policy.
* Provides project management support to GRC and other business units
as appropriate in responding to audits and other information requests,
and assists or coordinates the responses to policy inquiries.
* Ensures that all policy projects are delivered on-time, within scope,
and within budget.
* Coordinates internal resources and third parties or vendors for the
execution of security projects
* Report and escalate security project issues to management as needed
* Manages the relationships with the IT, Information Security, and
* Supports in GRC activities to minimize business or project risks
* Develops detailed project plans to track statuses
* Other duties as assigned.
* Bachelor’s Degree in Business, Management, Computer Sciences, or
equivalent prior work experience in a related field
* Senior level compliance experience, including control mapping,
support, mentorship/training, and oversight in an enterprise setting
* 5+ years of experience with mapping compliance controls to process
* Strong audit background and experience
* Ability to operate in a fast-paced environment with multiple
* Familiarity with agile & waterfall SDLCs
* Deep understanding of information security risk management frameworks
such as ISO 27001, NIST, NIST 800-190, etc.
- Deep understanding of, and experience executing, Privileged Access Management
- 10 years of compliance experience
- Collaborate with BU's to ensure that all related controls and
measures are implemented, managed, controlled and reported.
- Cloud-centric experience (2-5 years)
- Responsible for coordinating the investigation and resolution of
incidents at the affected units and relevant partners.
- Works with BUs to suggest & translate the required & best-practice
security for architected services
- Automation framework experience
- Coding background (nice to have)
- Knowledgeable in SDLC & coding standards
* Demonstrated competency in information security management for a
cross-functional environment and with the proven ability to lead
security and technical teams is required
* Experience in creating and maintaining compliance management
schedules to ensure on-time delivery of information security compliance
* Current Information Security Certification (e.g. CISSP, CISM, CISA,
or related security certification) preferred or the ability to attain
one within 6 months of hire
* Excellent client-facing and internal communication skills
* Excellent written skills and a demonstrated ability to express
technical requirements in words through technical documentation are a
* Strong understanding of security products and concepts such as
firewalls, VPNs, IDS and other security devices.
* 7+ years of IT experience (5+ years with Master’s Degree)
* 5+ years experience with open source tools (Linux, Python, Git,
* 4+ years experience developing, tailoring, updating, and managing
security policy lifecycles
* 3+ years of cloud native application security experience
* 3+ years experience system automation with enterprise level
requirements, distributed environments
* 2+ years experience with networking and network/system security,
including firewalls, VPN, routing, switching, load balancers,
monitoring, security and DNS
* Ability to manage goals, track milestones and report on status
* Act as a technical resource for a variety of information security
projects that arise from current business and technological
* Knowledge of risk assessment procedures, policy formation, role-based
authorization methodologies, authentication technologies, and security
* Ability to work effectively in both an independent and team
* Experience in leading or managing strategic thinking and planning
* Must have the ability to communicate technical and compliance-related
concepts to a broad range of technical and non-technical staff,