Security Compliance Specialist

About The Position

Requirements

• 5+ years of experience in security compliance, GRC, or a closely related function, ideally with experience at a startup or in an early-stage environment.
• Deep familiarity with at least several of: SOC 2, HIPAA, GDPR, ISO 27001, PCI DSS, and an interest in newer or more advanced regimes.
• Demonstrated experience running audits end to end: planning, evidence, walkthroughs, findings, and remediation.
• Strong project management skills: you can juggle multiple frameworks, vendors, and internal stakeholders and keep everything moving without micromanagement.
• Excellent written and verbal communication skills. You can explain complex requirements in clear, approachable language and adapt your message to engineers, leadership, and customers.

Nice To Haves

• Strong foundations in technical concepts: you are comfortable talking about infrastructure, logs, endpoints, identities, and segmentation even if you are not the one writing production code.
• Opinions about building efficient, low-friction, high-signal IT and compliance processes in a remote-first company.
• Experience writing code in personal or professional contexts (for example scripting, automation, or light development), even if you are not a full-time engineer.
• Prior experience supporting PCI, healthcare, or other highly regulated environments.

Responsibilities

• Own our security and privacy compliance programs across frameworks such as SOC 2, HIPAA, GDPR, ISO 27001, and PCI DSS, and help prepare the organization for future frameworks.
• Translate regulatory and framework requirements into clear, pragmatic controls that fit LiveKit’s engineering culture and infrastructure.
• Build and maintain the compliance roadmap and calendar, including audits, renewals, evidence collection cycles, and internal reviews.
• Lead customer and third-party security questionnaires, DDQs, and compliance reviews, partnering with Sales, Legal, and Engineering to respond efficiently and consistently.
• Maintain and continuously improve our policy set, including access control, asset management, vendor risk, incident response, and related governance documents.
• Track and report on compliance health, gaps, and remediation progress to leadership.
• Identify operational gaps and lead projects to close them, such as new approval flows, access reviews, or better documentation of data flows and responsibilities.
• Act as the primary point of contact for external auditors, assessors, and compliance vendors, coordinating walkthroughs, evidence requests, and responses.
• Partner with the Security Engineer and infra team on: Scoping and documenting systems, data flows, and segmentation decisions for PCI and other frameworks.
• Ensuring technical controls (EDR, FIM, logging, vulnerability management) are mapped to compliance requirements, while keeping technical ownership with engineering.
• Work with GTM teams and leadership to champion compliance as a business enabler, helping unlock deals and maintain customer trust.
• Advise on risk, surface critical issues early, and drive remediation projects to completion with clear owners, timelines, and success criteria.

Benefits

• The opportunity to build a foundational compliance function at a company that is defining how AI-powered applications are built
• A chance to shape how security, compliance, and IT work together from the ground up, in partnership with engineering and leadership
• Competitive salary and equity package
• Health, dental, and vision benefits
• Flexible vacation policy