Security & Compliance Topics
Governance, compliance frameworks, regulatory requirements, compliance implementation, and compliance-driven risk management. Covers compliance frameworks (SOX, GDPR, HIPAA, FCPA, etc.), regulatory interpretation, compliance control design, audit and control effectiveness evaluation, and compliance process management. For operational security implementation and technical threat mitigation, see Security Engineering & Operations.
Stakeholder Requirements and Communication
Skills for eliciting, synthesizing, and communicating requirements across diverse stakeholders, with an emphasis on translating specialized compliance and regulatory obligations into language and priorities that non-compliance stakeholders understand. Candidates should demonstrate techniques for running one-on-one interviews and group workshops, managing different levels of technical fluency and communication styles, reconciling conflicting priorities, and framing compliance tradeoffs in terms of business impact, financial implications, operational burden, and customer experience. Assessments will focus on concrete approaches to gathering complete requirements, influencing business owners, negotiating pragmatic solutions, and ensuring alignment between legal, compliance, and engineering teams.
Security and Compliance Architecture
Architecting systems to meet security requirements and regulatory and compliance obligations. Candidates should understand how to embed data classification, data governance, encryption, least-privilege access, audit trails and logging, secure design patterns, and threat modeling into architectures. Expect discussion of how architectural choices affect obligations under common regulations such as the General Data Protection Regulation, the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, and System and Organization Controls frameworks. Topics include documenting architecture for compliance reviewers, retention and data residency considerations, denial-of-service mitigation and web application firewall strategies, and balancing security controls against usability and operational cost. Candidates should be able to describe when to engage legal and compliance teams and how to design for auditability and evidence capture.