Security and Compliance Engineer

Company: KEH, Inc.
Location: Smyrna
Posted on: May 6, 2024

Job Description:

Who We Are

KEH

We are the original camera re-commerce company, always envisioning a better way to support the passion and profession of photography. Serving the camera community since 1979, we have become the largest curated market for field-tested, expert-graded photo and video equipment in the industry.

As a Security and Compliance Engineer, you will play a pivotal role in safeguarding our organization's digital assets and ensuring compliance with relevant regulations and standards. You will be responsible for developing, implementing, and maintaining security measures to protect our systems, networks, and data from cyber threats and vulnerabilities. Additionally, you will collaborate with cross-functional teams to establish and enforce compliance with industry regulations, such as GDPR, CCPA, PCI DSS, and others.


Job Responsibilities:

Develop, implement, and enforce security policies, procedures, and controls to safeguard payment, personally identifiable information (PII), and employee data across e-commerce and physical retail platforms.
Conduct regular risk assessments and security audits to identify vulnerabilities, assess risks, and recommend and implement mitigating controls.
Design, implement, and maintain physical network security measures to protect against unauthorized access, intrusion, and data breaches in both online and brick-and-mortar environments.
Manage and maintain compliance with industry standards and regulations such as PCI DSS, GDPR, CCPA, and other relevant data protection laws and frameworks.
Collaborate cross-functionally with IT, engineering, legal, and other teams to ensure security and compliance requirements are integrated into business processes and systems.
Stay abreast of emerging threats, vulnerabilities, and regulatory changes in the security and privacy landscape, and proactively recommend and implement appropriate measures to mitigate risks.
Provide guidance and support to internal stakeholders on security best practices, compliance requirements, and incident response procedures.
Lead or participate in security incident response activities, including investigation, containment, remediation, and reporting.
Develop and deliver security awareness training programs to educate employees on security risks, policies, and procedures.




Qualifications & Education Requirements:
Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent work experience.
Minimum of 5 years of experience in security and compliance roles, with a focus on e-commerce and physical retail environments.
Deep understanding of security principles, practices, and technologies, with specific expertise in physical network security, wireless access points (WAP), and data protection mechanisms.
Strong knowledge of payment card industry standards (PCI DSS) and experience implementing and maintaining PCI compliance programs.
Familiarity with international data protection regulations such as GDPR and CCPA, and experience ensuring compliance with these regulations.
Professional certifications such as CISSP, CISM, CISA, or similar are preferred.
Excellent analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.
Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate security concepts to non-technical stakeholders.
Proven ability to work independently, prioritize tasks, and manage multiple projects in a fast-paced environment.




Benefits
Comprehensive medical, dental, and vision
401(k) and company match
Paid vacation, sick time and holiday
Paid maternity/paternity leave
Discounts on camera gear and access to our employee gear rental program



Job Type: Full-time

Keywords: KEH, Inc., Smyrna , Security and Compliance Engineer, Engineering , Smyrna, Georgia