Security & Compliance Engineer
Arist, New York, NY. Posted 3 weeks ago. 66 applicants.
Base pay range (provided by Arist): $160,000.00 - $175,000.00 USD per year

Arist is the go-to agent-first enablement platform for the Fortune 500. Every deal ships with a security questionnaire, a Trust Center deep-dive, and a customer who wants to see SOC 2 + ISO 27001 + ISO 42001 evidence before signing. Today this work is split across people who have other day jobs. We need one owner. This is the person who keeps deals from stalling at security review, keeps our audits clean, and keeps our policies real instead of decorative.

What you'll own

Procurement (deal velocity)
- Respond to security and infosec questionnaires from prospects and customers — owning SLAs that match deal timelines.
- Build and maintain a centralized answer library so the same question never gets answered three different ways.
- Stand up infosec questionnaire automation + AI augmentation so we move from artisanal to assembly-line.
- Triage net-new questions to the right SME — Eng for architecture, Security for controls, Legal for data handling, HR for personnel.
- Keep the Trust Center current and useful.
- Run vendor onboarding (classification + risk review), annual re-reviews, and offboarding.
Compliance (SOC 2, ISO 27001, ISO 42001)
- Run continuous compliance — monthly/quarterly control checks.
- Own the GRC platform (Vanta or Drata) and keep evidence current.
- HR controls: background checks, security awareness training, AUP acknowledgments, onboarding/offboarding ticket trails, access reviews tied to terminations.
- Ops controls: vendor risk assessments, BCP/DR documentation and tabletop exercises, change management evidence, board oversight artifacts.
- Technical controls: access provisioning + quarterly access reviews, MFA/SSO enforcement, encryption at rest and in transit, logging and monitoring evidence, vuln scans + remediation SLAs, pen test reports, secure SDLC evidence, and identifying + driving fixes for vulnerabilities in our software supply chain.
- Requests: Handle data-subject deletion requests (the GDPR “right to be forgotten”/right to erasure and the CCPA right to delete).
- Auditor coordination: scoping, kickoff, walkthroughs, evidence, follow-ups, exceptions, remediation, clean report delivery to the Trust Center.
Risk (policies and incident response)
- Maintain the policy library: infosec, AUP, access control, incident response, data classification, BYOD, encryption, change management, vendor management, BCP/DR.
- Run the annual policy review cycle — updates, exec approval,...
Arist has delivered accessible learning through message-based courses since 2018, partnering with enterprises and non-profits to provide impactful training at scale.