GRC & Cyber Security Specialist

Job Description

We are looking for a technically proficient and audit-savvy Compliance Specialist to strengthen our PCI and SOC programs. This role will solve for key gaps in technical control implementation, cloud environment understanding, audit automation, and end-to-end SOC program execution. You will bring strong execution skills, audit experience, and the ability to work cross-functionally with engineering, DevOps, and risk teams to build a scalable, automation-first compliance program. Key Responsibilities 1. Technical Compliance Implementation Develop a strong control framework based on ISO 27001, PCI, SOC 1, and SOC 2 standards, and implement it across the organization. This includes setting up processes to continuously monitor, assess, and improve technical and process controls. Review, collaborate to build and audit technical controls across AWS environments (IAM, CloudTrail, Config, S3, RDS, etc.) Translate compliance requirements (ISO 27001 , PCI DSS, SOC 1, SOC 2) into actionable engineering controls Support secure configuration, logging, encryption, and access management reviews in collaboration with CloudOps Build a process to track, investigate, and manage compliance issues driving timely remediation and documentation. 2. PCI Program Execution Own day-to-day Control Monitoring activities across PCI DSS (evidence gathering, control testing, remediation tracking) Support annual assessments with QSAs and coordinate stakeholders Drive automation for audit evidence using tools like AWS Config, Security Hub, or platforms like Drata/Vanta and others 3. ISO 27001 , SOC 1 & SOC 2 Program Management Work closely with various departments (e.g., Engineering, Security, Cloud) to ensure audit controls are well communicated, clearly understood, and effectively implemented across relevant systems and processes. Act as the project coordinator for ISO and SOC audits, working with internal control owners and external auditors Maintain updated audit artifacts and documentation across audit periods Track remediation items and support testing of effectiveness 4. Audit Automation & Optimization Build compliance evidence pipelines and automate control testing/reporting where possible Integrate compliance monitoring into CI/CD pipelines and cloud asset inventory Support adoption and optimization of compliance platforms (e.g., Drata, Vanta, Wiz, or Prisma Cloud) 5. Documentation & Policy Management Maintain and enhance policies, SOPs, control descriptions, and test plans Collaborate with the compliance manager to operationalize new frameworks and updates Show more Show less