GRC & Cyber Security Specialist - Cloud & Audit

4 - 7 years

0 Lacs

Posted: 6 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

We are looking for a technically proficient and audit-savvy Compliance Specialist to strengthen our PCI and SOC programs. This role will solve for key gaps in technical control implementation, cloud environment understanding, audit automation, and end-to-end SOC program execution. You will bring strong execution skills, audit experience, and the ability to work cross-functionally with engineering, DevOps, and risk teams to build a scalable, automation-first compliance program.

Skills & Experience

Must-Have:
- Minimum 4-7 years of experience in GRC, cloud security, or compliance roles (preferably in SaaS)
- Hands-on knowledge of PCI DSS and/or ISO 27001 / SOC 1 / SOC 2 compliance frameworks and implementation knowledge
- Strong working knowledge of AWS services and their security configuration
- Experience working with auditors and managing evidence for certification processes
- Ability to analyze control gaps and recommend technical or process-based remediations
- Strong documentation and project management skills

Good to Have:
- Familiarity with compliance automation tools (Drata, Vanta, Wiz, etc.)
- Prior experience automating compliance tasks using AWS-native services or scripts
- Certifications: CISSP, CISA, ISO 27001, PCI ISA, CCSK, or AWS Security Specialty

Key Responsibilities

1. Technical Compliance Implementation
- Develop a strong control framework based on ISO 27001, PCI, SOC 1, and SOC 2 standards, and implement it across the organization. This includes setting up processes to continuously monitor, assess, and improve technical and process controls.
- Review, collaborate to build and audit technical controls across AWS environments (IAM, CloudTrail, Config, S3, RDS, etc.)
- Translate compliance requirements (ISO 27001, PCI DSS, SOC 1, SOC 2) into actionable engineering controls
- Support secure configuration, logging, encryption, and access management reviews in collaboration with CloudOps
- Build a process to track, investigate, and manage compliance issues driving timely remediation and documentation.

2. PCI Program Execution
- Own day-to-day Control Monitoring activities across PCI DSS (evidence gathering, control testing, remediation tracking)
- Support annual assessments with QSAs and coordinate stakeholders
- Drive automation for audit evidence using tools like AWS Config, Security Hub, or platforms like Drata/Vanta and others

3. ISO 27001, SOC 1 & SOC 2 Program Management
- Work closely with various departments (e.g., Engineering, Security, Cloud) to ensure audit controls are well communicated, clearly understood, and effectively implemented across relevant systems and processes.
- Act as the project coordinator for ISO and SOC audits, working with internal control owners and external auditors
- Maintain updated audit artifacts and documentation across audit periods
- Track remediation items and support testing of effectiveness

4. Audit Automation & Optimization
- Build compliance evidence pipelines and automate control testing/reporting where possible
- Integrate compliance monitoring into CI/CD pipelines and cloud asset inventory
- Support adoption and optimization of compliance platforms (e.g., Drata, Vanta, Wiz, or Prisma Cloud)

5. Documentation & Policy Management
- Maintain and enhance policies, SOPs, control descriptions, and test plans
- Collaborate with the compliance manager to operationalize new frameworks and updates

Chargebee