Security & Compliance Specialist

As a Security & Compliance Specialist, you’ll be reporting to the Director of Sales Operations with a dotted line to the Head of Security. This role owns our prospect/vendor security questionnaires and turns due diligence into a fast, accurate, reusable motion without weakening our security posture. You’ll be responsible for intake-to-submission execution of questionnaires and RFP security sections, building and maintaining a vetted answer library, coordinating approvals with Security for any exceptions, setting and meeting SLAs, and tracking metrics to cut cycle time and raise quality.

• Program Ownership & Strategic Leadership
  Own the end-to-end questionnaire motion, intake → scoping → clarifications → completion → submission with clear SLAs and a simple RACI.Prioritise work against deal timelines with Sales Ops; surface risks/blocks early and propose trade-offs that protect our posture. Continuously improve: identify bottlenecks, run quick retros, and publish a quarterly plan to cut cycle time and raise quality.
• Security Engineering & Architecture
  Draft accurate, defensible responses mapped to our controls (SOC 2, ISO 27001, GDPR/DPAs, SSO/SAML/OIDC, encryption, SDLC/CI/CD, SBOM/SLSA) and tailor them to industry context when needed. Coordinate approvals with Security for any non-standard positions; document exceptions/compensating controls, and keep a clean audit trail. Support the security sections of RFPs/RFIs and handle technical clarifications with prospects. Be clear and concise.
• Tooling, Enablement & Metrics
  Build and maintain a vetted, searchable answer library with versioning, tagging, and evidence links (pen-test summary, sub-processor list, data-flow diagrams). Keep trust materials current (security overview, certs/attestations, uptime/SLA) and ensure answers stay consistent with public statements. Instrument and report the basics, cycle time, reuse %, exception rate, internal CSAT, and use the data to drive iterative playbook updates and quick-reference guides for AEs/SEs.

• Technical Expertise
  
  • Experience in security engineering, GRC/trust, or security RFP response at a B2B SaaS or cloud provider (or equivalent hands-on experience).
    
  • Comfortable with the core stack: SOC 2, ISO 27001, GDPR/DPAs, SSO/SAML/OIDC, encryption in transit/at rest, vuln mgmt, SDLC/CI/CD.
    
  • Proven questionnaire/RFP ability, owning intake → submission, redlining risky asks, and crafting defensible, evidence-backed answers.
    
• Domain Knowledge
  
  • Knows how to map responses to evidence (pen-test/attestations, sub-processors, data-flow diagrams, BC/DR) and align with public trust materials.
    
• Collaboration & Communication
  
  • Clear, concise technical writing translates controls for non-security audiences without losing accuracy.
    
  • Organised under deadline, sets/keeps SLAs, tracks cycle time & reuse%, and keeps stakeholders in the loop.
    
  • Confident partner, can push back when requests weaken our posture while staying customer-friendly.
    

• Impact: Play a pivotal role in shaping a rapidly growing venture studio.
  
• Culture: Thrive in a collaborative, innovative environment that values creativity and ownership.
  
• Growth: Access to professional development opportunities and mentorship.
  
• Benefits: Competitive salary, health/wellness packages, and flexible work options.