Lead Security Compliance Engineer

We are currently seeking a Lead Security Compliance Engineer to strengthen our Compliance Assurance Office team.

The successful candidate will join a team responsible for designing, maintaining, and operating the company’s Information Security Management System (ISMS), as well as supporting EPAM projects with the analysis and implementation of client-specific security requirements.

Unlock the potential of remote work in Kazakhstan, giving you the flexibility to work from home or access our offices in Astana, Almaty or Karaganda.

Responsibilities

• Manage and/or assist with company and customer security compliance requirements implementation

• Create and maintain security policies and processes with and without support from subject-matters experts

• Facilitate company teams, projects and locations for external security audits independently

• Support production projects and sales teams with customers' questions and audits in information security area

• Perform Security internal audits independently

• Improve ISMS

Requirements

• Significant knowledge and experience in any of the following framework/standard: ISO 27001, ISO 27701, CMMC, SOX, SOC1 (ISAE 3402), SOC2, NIST 800-53, PCI DSS, TISAX, others

• Experience with implementation or support of Information Security Management System (ISMS) or experience with security standards/regulations

• Experience in creation and maintenance of security policies

• Background in one of the following areas: Security compliance, Information security, IT processes, IT/Security audits, Hardware, Software, Network, IT Administration, User support, Software development processes

• English B2 or higher

• Good communication skills (readiness to communicate with people in multinational environment, ability to communicate orally and in writing)

Nice to have

• Experience in development and implementation of complex security compliance plan/program in security area (gap analysis -> remediation plans -> detailing tasks, management of tasks implementation -> internal audit)

• Knowledge or experience with any of the following regulations: CMMC, NIST SP 800-171, NIST SP 800-218, US DoD Regulation

• Certificates in Information security / IT compliance areas

We offer/Benefits

We connect like-minded people:

• Delivering innovative solutions to industry leaders, making a global impact  
• Corporate and social events 
• Enjoyable working environment

We invest in your growth: 

• Leadership development, career advising, soft skills and well-being programs 
• Unlimited access to LinkedIn Learning and Udemy
• Free English classes with certified teachers 
• Discounts in local language schools, including online courses for the Kazakh language

We cover it all:

• Participation in the Employee Stock Purchase Plan 
• Medical & family care package   
• Six trust days per year (sick leave without a medical certificate)   
• Coverage of psychology sessions of your choice
• Benefits package (sports activities, a variety of stores and services)

EPAM is a team of technologists and innovators united by a passion for technology. In Kazakhstan, we operate across all cities with offices in Astana, Almaty, and Karaganda and work with the world's leading companies from different industries. In 2023, EPAM received the Export Excellence Award at the esteemed Digital Bridge Awards, showcasing our commitment to excellence and innovation.