Senior Director, Compliance

Job Overview

Location

Remote - USA

Job Type

Full-time

Category

Security Engineer

Date Posted

May 22, 2026

Full Job Description

📋 Description

  • Lead the end-to-end execution of external compliance audits for SOC 2, ISO 27001, and PCI DSS, including audit planning, scope definition, evidence strategy, walkthrough coordination, issue resolution, and delivery of audit results in partnership with GRC leadership.
  • Serve as the primary liaison to external auditors, managing all audit communications, responding to information requests, participating in audit discussions, and providing technical context and judgment on findings, clarifications, and interpretation of framework requirements.
  • Partner with internal stakeholders across engineering, legal, operations, and business units to align on audit scope, control ownership, evidence requirements, and remediation plans throughout the entire audit lifecycle.
  • Ensure controls are designed, implemented, documented, and operating effectively within College Board’s cloud-based systems, with ongoing oversight to maintain continuous audit readiness.
  • Translate compliance framework requirements (SOC 2, ISO 27001, PCI DSS) into practical, auditable technical controls that engineering and infrastructure teams can implement and sustain in cloud-native environments.
  • Provide technical leadership during compliance assessments and audits by leading control walkthroughs, validating control operation, and confidently explaining cloud architectures, security mechanisms, and control implementations to auditors.
  • Review technical implementations from a compliance perspective to identify gaps, weaknesses, or audit risks early, and recommend pragmatic, scalable remediation approaches that align with business and technical constraints.
  • Develop and execute the organization’s compliance strategy and roadmap, ensuring alignment with business objectives and cloud-native operating models, with a focus on scaling processes for efficiency, consistency, and repeatability across audit cycles.
  • Standardize control design, documentation, evidence collection, and operating procedures to improve audit efficiency and ensure sustained readiness year over year.
  • Establish and operate compliance governance processes including control ownership, monitoring, issue tracking, and exception management to maintain ongoing control effectiveness and audit preparedness.
  • Promote a culture of continuous compliance readiness by embedding compliance requirements into day-to-day operations and technical workflows, rather than treating audits as isolated events.
  • Identify opportunities to mature the compliance program through automation, continuous monitoring, improved evidence practices, and scalable audit readiness tools and processes.
  • Build strong, trust-based relationships with stakeholders at all levels to drive productive collaboration, timely decision-making, and effective resolution of compliance-related issues.
  • Partner with cross-functional teams including business areas, engineering, legal, and operations to ensure compliance requirements are understood, owned, and executed consistently across the organization.
  • Coordinate delivery of compliance initiatives by aligning timelines, dependencies, and responsibilities to lead audit readiness, remediation efforts, and ongoing control effectiveness.
  • Communicate compliance expectations, progress, and risks clearly to both technical and non-technical stakeholders, ensuring accountability and alignment throughout audit cycles and compliance activities.
  • Position compliance as a strategic partnership that supports control owners rather than a policing function, fostering collaboration and shared ownership of security outcomes.

🎯 Requirements

  • 8+ years of progressive experience in information security, security auditing, or IT audit with increasing responsibility in technical implementation, control design, risk assessment, and audit leadership
  • Proven experience leading end-to-end SOC 2, ISO 27001, and PCI DSS audits with deep practical expertise in control interpretation, cross-framework mapping, evidence strategy, audit walkthroughs, and direct engagement with external auditors in cloud-based environments
  • Deep, hands-on knowledge of ISO 27001, SOC 2 (Trust Services Criteria), and PCI DSS frameworks and the ability to translate requirements into actionable technical controls
  • Strong background in cloud-native security architectures, with primary expertise in AWS and working knowledge of Azure and/or Google Cloud Platform
  • Bachelor’s degree required
  • Authorization to work in the United States

🏖️ Benefits

  • Hiring range of $120,000–$175,000, with salary determined by location, experience, and market data
  • Flexible remote work option with hybrid possibility (Tues/Wed in office) for candidates near College Board offices
  • Opportunities for professional growth and exposure to emerging technologies and AI-driven solutions
  • Travel reimbursement for 3–4 annual in-person business trips to College Board offices

Skills & Technologies

AWS
Azure
GCP
Senior
Remote
Degree Required

About College Board

College Board is a nonprofit membership organization founded in 1900 that develops and administers standardized tests, curricula, and programs to expand access to higher education. It owns and operates the SAT, PSAT, AP, and CLEP examinations, supports college planning tools, and partners with schools and universities to promote college readiness. The organization also offers scholarship search services and data-driven research reports on educational trends and equity.
