Sr. Security Compliance Specialist

Required Qualifications

• 7+ years of experience in security compliance, GRC, or technology risk, with a strong track record in high-growth, technology-driven, or regulated environments.
• Significant experience leading external audits (e.g., SOC 1, SOC 2, PCI DSS), including acting as a primary contact for auditors and managing audit lifecycles end-to-end.
• Proven ability to drive readiness and manage the full audit lifecycle, including planning, evidence collection, control testing, and remediation tracking.
• Strong experience implementing and assessing controls across common frameworks such as PCI DSS, SOC 2, ISO 27001, and NIST CSF.
• Demonstrated ability to identify control gaps, assess risk, and drive remediation in partnership with cross-functional stakeholders.
• Experience developing, implementing, or improving security policies, standards, and procedures, ensuring they are practical and aligned to real-world controls.
• Strong understanding of compliance metrics and reporting, with the ability to track control effectiveness, audit outcomes, and risk exposure.
• Ability to influence and drive accountability across technical and non-technical stakeholders without direct authority.
• Excellent verbal and written communication skills, with the ability to translate complex audit and compliance requirements into clear, actionable guidance.
• Experience mentoring or supporting junior team members, contributing to raising the overall capability of the team.
• Bachelor’s degree in Information Security, Computer Science, Business Administration, or related field, or equivalent practical experience.
• Professional certifications such as CISA, CISSP, CISM, or CRISC (desired).