Director of Engineering Security & Compliance Engineering (Washington) Job at Pearson, Washington DC

RzdVZDhaakpncXBEamVsYjdJLzhGRnNvZXc9PQ==
  • Pearson
  • Washington DC

Job Description

Director of Engineering Security & Compliance Engineering

Reports to: VP, Head of Engineering PSG

About Pearson Software Group (PSG)

Pearson Software Group (PSG) powers Pearsons Higher Education and PPG product lines, delivering worldclass learning platforms at scale (e.g., MyLab, Mastering, Pearson+, Exam Prep). PSG supports 5,000+ colleagues and millions of learners globally.

Role Overview

The Director of Security & Compliance Engineering (S&C) is a handson technical leader who embeds security into the SDLC, partnering with engineering to drive securebydesign architecture, DevSecOps automation, and developer enablement. The role leads the PSGSC program to reduce risk, harden platforms, and streamline audits through engineeringfirst practices and evidence from delivery systems.

Key Responsibilities

  • Architect and institutionalize secure SDLC practices (threat modeling, secure coding, dependency hygiene, automated testing, release gating).
  • Own DevSecOps integration across CI/CD (SAST/DAST/IAST, secrets scanning, SBOM, container/image hardening, IaC policy checks).
  • Drive shiftleft security through reusable CI/CD templates, policyascode, and golden paths.
  • Partner with platform/SRE to enforce WAF, API AuthN/AuthZ, mTLS, and runtime protections via guardrailsnot gates.
  • Publish paved road toolchains, reference architectures, and code libraries with secure defaults.
  • Stand up sandboxed environments (e.g., GitPod) and securebydefault scaffolds to accelerate teams.
  • Deliver targeted training for engineers (OWASP, secrets, auth, threat modeling) tied to real code and pipelines.
  • Lead SOC2 Type2, HECVAT, and institutional reviews using automated evidence from pipelines and platforms.
  • Define OKRs and SLAs for vulnerability remediation, secrets rotation, agent coverage, and audit readiness; publish executive dashboards.
  • Align compliance asks with product/engineering roadmaps; triage by business risk and customer impact.
  • Own vulnerability management (Qualys/Snyk/OSS posture), secrets lifecycle and key rotation, and perimeter/API security.
  • Continuously monitor control health; ensure clear ownership, escalation paths, and exception processes.
  • Improve MTTD/MTTR by integrating detections with engineering telemetry and runbooks.
  • Optimize run costs for security tooling and tests; ensure renewals/SOWs are timely and valuebased.
  • Report posture, compliance status, and maturity trends; drive continuous improvement and transparency.
  • Champion a blameless, learning culture that balances speed and safety.

Qualifications

  • 10+ years in software engineering or DevSecOps; 5+ years leading secure SDLC at scale (cloudfirst; AWS preferred).
  • Expertise in CI/CD automation, SAST/DAST/IAST, SBOM/OSS governance, secrets management, and API/perimeter security.
  • Handson experience integrating controls into developer workflows (policyascode, pipelines, precommit/premerge checks).
  • Proven delivery of SOC2 Type2/HECVAT using automated, systemofrecord evidence.
  • Executive communication; OKR setting; budget ownership; ability to influence product/engineering/security.

Preferred

  • Certifications: CISSP, CISM, CCSP, AWS, or relevant DevSecOps credentials.
  • Experience in EdTech or regulated SaaS; institutionfacing security reviews.
  • Track record of automating compliance (evidence collection, control verification, reporting).

Compensation & Application

Compensation at Pearson is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific location. The minimum fulltime salary range is $170,000$195,000. This position is eligible to participate in an annual incentive program.

Applications will be accepted through until 31 Devember 2025 . This window may be extended depending on business needs.

Equal Employment Opportunity

Pearson is an Equal Opportunity Employer and a member of EVerify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section503 of the Rehabilitation Act.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.

#J-18808-Ljbffr

Job Tags

Full time,

Similar Jobs

Leitner Williams Dooley & Napolitan PLLC

Associate Attorney - Memphis Job at Leitner Williams Dooley & Napolitan PLLC

Job Description Job Description LWDN is seeking an associate attorney to join its Memphis office. We are a well-respected law firm, established in the late 1800s, with offices in Knoxville, Nashville, Chattanooga, and Memphis, and a strong emphasis on civil litigation...

PEND OREILLE COUNTY

Deputy Prosecuting Attorney I or II - Criminal Job at PEND OREILLE COUNTY

 ...scenery. *Open Position: Deputy Prosecuting Attorney I or II - Criminal**Required: Submit a cover letter and resume along with the...  ...agreements, preparing and presenting cases in court, collaborating with law enforcement, and advising victims and witnesses. All work is... 

HII

Technical Writer (Hybrid) - 26088 Job at HII

 ...include, but are not limited to, the role's function, internal equity and a candidate's education or training, work experience...  ...Enlighten is looking for a multi-faceted Technical Writer with top-notch writing and editing skills who can shape and effectively present... 

Courtyard Collegeville

Bistro Dinner Server/Bartender Job at Courtyard Collegeville

The Bistro Dinner Server/Bartender at the Courtyard by Marriott in Collegeville is responsible for combining roles in food/drink service and customer interaction! This is an all in one position to give our guests the full experience. * Employment Type: Part-time, 2... 

Whole Foods Market

In-Store Shopper - Part Time - Seasonal Job at Whole Foods Market

 ...agree that it?s a great time to join #TeamWFM. As an In-Store Shopper, you?ll work on the Customer Service & E-Commerce teams supporting...  ...under the terms of the applicable Whole Benefits plan at a person?s date of hire. For additional information, visit our Whole Foods...