About the Role
We are looking for a technically proficient and audit-savvy Compliance Specialist to strengthen our PCI and SOC programs. This role will close key gaps in technical control implementation, cloud environment understanding, audit automation, and end-to-end SOC program execution.
You will bring strong execution skills, audit experience, and the ability to work cross-functionally with engineering, DevOps, and risk teams to build a scalable, automation-first compliance program.
Skills & Experience
Must-Have:
- 4-7 years of experience in GRC, cloud security, or compliance roles (preferably in SaaS)
- Hands-on knowledge of PCI DSS and/or ISO 27001, SOC 1, and SOC 2 compliance frameworks, including implementation experience
- Strong working knowledge of AWS services and their security configuration
- Experience working with auditors and managing evidence for certification processes
- Ability to analyze control gaps and recommend technical or process-based remediations
- Strong documentation and project management skills
Good to Have:
- Familiarity with compliance automation tools (Drata, Vanta, Wiz, etc.)
- Prior experience automating compliance tasks using AWS-native services or scripts
- Certifications: CISSP, CISA, ISO 27001 Lead Implementer/Auditor, PCI ISA, CCSK, or AWS Certified Security - Specialty
Key Responsibilities
1. Technical Compliance Implementation
- Develop a strong control framework based on ISO 27001, PCI DSS, SOC 1, and SOC 2, and implement it across the organization, including processes to continuously monitor, assess, and improve technical and process controls
- Review, help build, and audit technical controls across AWS environments (IAM, CloudTrail, Config, S3, RDS, etc.)
- Translate compliance requirements (ISO 27001, PCI DSS, SOC 1, SOC 2) into actionable engineering controls
- Support secure configuration, logging, encryption, and access management reviews in collaboration with CloudOps
- Build a process to track, investigate, and manage compliance issues, driving timely remediation and documentation
2. PCI Program Execution
- Own day-to-day control monitoring activities across PCI DSS (evidence gathering, control testing, remediation tracking)
- Support annual assessments with QSAs and coordinate stakeholders
- Drive audit-evidence automation using AWS-native services (AWS Config, Security Hub) and compliance platforms such as Drata and Vanta
3. ISO 27001, SOC 1 & SOC 2 Program Management
- Work closely with Engineering, Security, Cloud, and other departments to ensure audit controls are clearly communicated, understood, and effectively implemented across the relevant systems and processes
- Act as the project coordinator for ISO and SOC audits, working with internal control owners and external auditors
- Maintain updated audit artifacts and documentation across audit periods
- Track remediation items and support testing of effectiveness
4. Audit Automation & Optimization
- Build compliance evidence pipelines and automate control testing/reporting where possible
- Integrate compliance monitoring into CI/CD pipelines and cloud asset inventory
- Support adoption and optimization of compliance platforms (e.g., Drata, Vanta, Wiz, or Prisma Cloud)
5. Documentation & Policy Management
- Maintain and enhance policies, SOPs, control descriptions, and test plans
- Collaborate with the compliance manager to operationalize new frameworks and updates