Compliance Specialist, GRCP

About The Position

Requirements

• 4+ years of direct experience in owning and operating compliance programs in a high-growth or SaaS environment
• Hands-on in managing customer, internal, and external audits, with direct auditor engagement and evidence collection
• Proven track record in managing and scaling customer trust, including security questionnaires and customer audits
• Conducted end-to-end audits of SOC2, ISO27001, and ISO27701
• Familiar with tools such as Crowdstrike, JAMF, RedCanary, GitHub, Airtable, and JupiterOne
• Knowledgeable in HIPAA and TISAX compliance requirements
• Skilled at establishing and maintaining a common control framework
• Strong communicator and collaborator, able to drive cross-functional initiatives and training

Nice To Haves

• Big4 experience strongly preferred

Responsibilities

• Own and operate compliance programs such as SOC 2, ISO 27001, ISO27701, HIPAA, and TISAX, including successful completion and renewal of certifications
• Lead and manage internal, external, and customer audits end-to-end, including direct engagement with auditors and evidence collection
• Track, remediate, and validate 100% of audit findings within agreed SLAs, ensuring no findings on SOC2 and no NCFs on external audits
• Drive cross-functional training and improve understanding of control requirements for stronger, more consistent implementation
• Manage and scale customer trust initiatives, including timely completion of security questionnaires and customer audits
• Establish and maintain a common control framework to streamline compliance efforts
• Support ongoing GRC operations, including internal data governance and compliance reviews.
• Develop and report on compliance and customer trust metrics and performance indicators (KPIs)
• Develop, maintain, and enhance security and customer trust whitepapers