Security and Compliance Engineer

Responsibilities

• Own and manage end-to-end compliance certifications including SOC 2 Type II, ISO 27001, GDPR, and other applicable frameworks.
• Design, implement, and improve security controls across cloud infrastructure, access management, and data handling.
• Collaborate with DevOps and Engineering to embed security requirements into CI/CD pipelines and infrastructure-as-code.
• Lead internal readiness assessments, gap analyses, and remediation roadmaps.
• Serve as the primary point of contact for external auditors and respond to customer security questionnaires and due diligence requests.
• Develop and operationalize security policies, standards, and continuous compliance monitoring frameworks.
• Partner with Product and Engineering to assess compliance implications of new features and infrastructure changes.

Requirements

• 5–8 years of experience in security engineering, information security, or a compliance-focused engineering role.
• Hands-on experience owning SOC 2 Type II audits end-to-end, including scoping, evidence collection, and remediation.
• Strong understanding of cloud security fundamentals in AWS, GCP, or Azure (IAM, network security, encryption, and logging).
• Familiarity with data privacy regulations such as GDPR and CCPA.
• Experience using GRC platforms (e.g., Sprinto, Tugboat Logic) for continuous compliance monitoring.
• Solid grasp of secure SDLC practices, vulnerability management, and DevSecOps principles.
• Strong written communication skills for authoring policies and audit documentation.

About the Company

Hevo is a powerful No-code Data Pipeline platform that enables companies to consolidate data from multiple software sources for faster analytics. Hevo powers data analytics for over 2,000 data-driven companies globally. Based in San Francisco and Bangalore, Hevo is on a mission to build technology that is simple to adopt and easy to access, allowing everyone to unlock the full potential of their data.