Director, Compliance Engineering
Company
Work matters. It’s where we spend a third of our lives, and fortunately, the workplace of the future is going to be a great place. We’re dedicated to bringing that to life for people everywhere. That’s why we put people at the heart of everything we do.
People matter. Our people have a passion for learning, building, and innovating. Whether you’re an engineer, a sales professional, a finance professional, or anything in-between, our roles aim to provide each person with meaningful impact and plenty of space to grow.
Role
The Director, Cloud Compliance Engineering, will be responsible for architecting and defining technical strategy, and leading program management for the Cloud Compliance Engineering team. This team’s function includes designing and implementing a common control framework, deploying and managing control monitoring testing and automation, and analyzing compliance changes to product application, platform, and infrastructure for ServiceNow’s cloud offerings, globally. This role will work collaboratively across compliance, engineering, sales, operations, privacy, security, and governance functions to design, build, and execute a world-class compliance management program while utilizing the ServiceNow platform. The Director, Cloud Compliance Engineering, will collaborate with these teams and additional groups across the company on an ongoing basis, to continuously monitor and ensure ServiceNow products and services address compliance requirements, and that controls are designed and operating as intended in the environment.
This role will also define and execute strategy and product support for customer regulatory and compliance control capabilities. Based on best-practices defined by the Cloud Compliance Engineering program, this role will build capabilities to enable customers to streamline and achieve compliance objectives when using ServiceNow. Enablement capabilities include cross-group collaboration and development of trust-related documentation and tools such as: compliance strategies and approach documentation, compliant reference architectures, GRC configuration guidelines, and continuous monitoring design for customer and shared control responsibilities. This role will report to the Sr. Director of Cloud Governance, Compliance & Certification.
What you get to do in this role:
- Establish best in class processes, operations, engineering & automation for managing and monitoring compliance at the cloud Application, Platform, and Infrastructure levels.
- Lead strategy and execution of the cloud Common Control Framework (CCF) and Continuous Control Monitoring (CCM) programs to address current domains (i.e. Security, Privacy, Quality, Sustainability and Accessibility) and third party attestations/certification (i.e. ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 1, SOC 2, NIST 800-53, MTCS, IRAP, German C5 and more).
- Develop and maintain policy and procedures that drives key activities.
- Drive compliance onboarding and significant change request process along with cloud risk management teams to identify new product applications, features, deployments, and functionality to ensure timely inclusion in compliance programs and certifications.
- Evangelize CCF to drive control owner awareness and education to ensure controls are implemented, maintained and compliant.
- Develop and lead new domain/certification ingestion process for new standards, regulations and/or other requirement sets presented to address regulated markets, risk mitigation and/or company forward thinking.
- Drive efficiency in the compliance process through automation and rationalizing configuration / code-based compliance controls over manual process and controls.
- Work with engineering teams on new cloud and datacenter deployments, addressing compliance requirements as part of initial design and deployment.
In order to be successful in this role, we need someone who has:
- 10+ years related experience, with 5+ years of hands on leadership experience in Governance Risk and Compliance fields.
- Deep understanding of commercial certification and attestation to include SOC 1, SOC2, ISO 27001, ISO 27701, PCI-DSS, HITRUST, Singapore MTCS, and Australia IRAP
- Strong understanding of Federal compliance certifications and requirements such as NIST 800-53 and FedRAMP is a plus.
- Experience and demonstrated understanding of other global cloud certifications such as German C5, France HDS, France SecNumcloud, India Meity, and S. Korea K-ISMS is a plus.
- Demonstrated ability to build out scalable compliance systems and processes for complex environments and regulations.
- Demonstrated ability to build and lead product development. Product development around compliance / GRC tooling a plus.
- Deep understanding of compliance audit testing and design of tests.
- Strong understanding of security and regulatory objectives, control automation, and building scalable control implementations for multiple cloud environments a plus.
- Self-motivated, self-directed, and able to thrive in a fast-paced environment with a passion to make an impact.
- Ability to work across the organization to evangelize and influence company compliance efforts.
- Demonstrated ability to interface successfully with customers and engineering teams in critical and challenging audits and conversations.
- Strong leadership skills, strategy, analytical, problem solving, decision-making; works under minimum direction.
- Prior experience at a SaaS, Paas or IAAS Cloud company.
- Master’s degree or related experience; certifications highly regarded.
- Willing to travel up to 25%+ is required.
EEOE Statement Section
ServiceNow’s EEOE statement is automatically added to each U.S. based job description.
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at [email protected] for assistance.