Senior Specialist, Compliance

InvestCloud, Inc.
$90,000 - $110,000

About The Position

The Senior Compliance / Information Security Analyst is a key individual contributor within InvestCloud’s Information Security & Compliance function. This role helps protect InvestCloud’s platforms, data, and clients by operating and improving compliance and security controls, maintaining secure configurations, and supporting adherence to internal policies, client obligations, and applicable standards and frameworks. This individual partners closely with the Information Security Manager, Compliance and Legal, Infrastructure/Operations, Engineering, and Client-facing teams to ensure that security and compliance requirements are clearly defined, practically implemented, and well evidenced for audits, certifications, and client / regulatory due diligence.

Requirements

  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Compliance/Risk, or a related field; or equivalent practical experience.
  • 4–7 years of progressive experience in information security, IT risk, or compliance (or a closely related technical risk role), preferably in B2B SaaS, FinTech, or financial services technology.
  • Hands-on experience with: Security monitoring and incident/control event triage (e.g., SIEM, log analysis tools, ticketing systems).
  • Hands-on experience with: System hardening and secure configuration for servers, applications, or network devices, aligned to documented standards.
  • Hands-on experience with: Vulnerability and patch management processes, including coordination with infrastructure and application teams and tracking of exceptions.
  • Hands-on experience with: Operating or testing governance, risk, and compliance (GRC) controls, such as access reviews, policy attestations, or control testing.
  • Familiarity with relevant security and compliance frameworks (e.g., SOC 2, ISO 27001) and basic understanding of data protection and client/vendor oversight expectations in a global context.
  • Strong analytical and documentation skills, with the ability to produce clear, audit-ready evidence, control narratives, and process documentation.
  • Demonstrated ability to work cross-functionally, manage multiple workstreams, and follow through on remediation actions to closure.

Nice To Haves

  • Experience supporting external audits, client due diligence, or regulatory reviews in a security, risk, or compliance capacity.
  • Practical knowledge of cloud security and compliance practices (e.g., secure configuration of cloud services, identity and access management, logging and monitoring).
  • Relevant industry certifications (e.g., Security+, SSCP, CISA, CISM Associate, CISSP Associate, or similar) are a plus.
  • Experience in a high-growth or fast-paced technology environment with a strong emphasis on client trust, regulatory expectations, security, and compliance.
  • Should be skilled in the use of automation with SharePoint as the backend.
  • Should have an open mind and be able to follow through with full attention to detail.

Responsibilities

  • Maintain hardened baselines and secure configurations across systems and environments, mapped to policy and control requirements.
  • Proactively monitor for issues, investigate anomalies, and help drive timely remediation, with strong documentation and traceability.
  • Produce high-quality control documentation and evidence that stand up to internal audit, external audit, and client scrutiny.
  • Collaborate effectively with technical and non-technical stakeholders to embed security and compliance expectations into day-to-day operations.
  • Support execution of compliance and security risk assessments by gathering inputs from control owners, documenting risks, and tracking agreed actions.
  • Help design and execute control testing plans for key information security and compliance controls (e.g., access reviews, configuration baselines, logging and monitoring), documenting results and exceptions.
  • Maintain and refine control inventories, risk registers, and metrics/KRIs for information security and compliance, partnering with the Information Security Manager and Compliance to ensure data quality and timely updates.
  • Assist in evaluating the impact of new regulations, client obligations, and internal policies on existing controls, and help translate requirements into practical control changes.
  • Prepare and maintain control evidence (e.g., screenshots, configuration exports, reports, tickets) that demonstrate effective operation of information security and compliance controls for internal and external audits.
  • Partner with Compliance, Legal, and Information Security leadership to support SOC 2, ISO 27001, and related certification activities, including evidence collection, sample selection, and responses to auditor questions.
  • Coordinate and contribute to client security and compliance questionnaires, RFPs, and on-site/virtual reviews by providing accurate, timely information on controls, hardening standards, and governance processes.
  • Help organize and track findings and remediation actions arising from audits, certification reviews, and client / regulatory inquiries, ensuring owners, timelines, and status are clearly documented.
  • Ensure that day-to-day security and compliance practices align with written policies (e.g., Information Security Manual, Patching and Hardening Policy, Code of Conduct) by reviewing procedures, identifying gaps, and proposing pragmatic updates.
  • Support the Information Security Manager and Compliance in reviewing, updating, and socializing policies, standards, and procedures, including mapping controls to specific requirements and frameworks.
  • Assist with access control and entitlement governance, including periodic user access reviews, privileged account checks, and validation of joiner/mover/leaver activities against policy and client expectations.
  • Help document and refine standard operating procedures (SOPs) for recurring controls (e.g., monitoring, evidence collection, configuration reviews, access reviews), ensuring they are clear, consistent, and audit-ready.
  • Operate day-to-day security monitoring processes, including review of alerts, logs, and dashboards for suspicious activity, misconfigurations, and policy exceptions, ensuring that events are handled in line with documented procedures.
  • Conduct initial triage and investigation of security and control-related events; document findings, classify impact and risk, and escalate to the Information Security Manager or other stakeholders as appropriate.
  • Support ongoing vulnerability, patching, and configuration management efforts by validating remediation status, tracking exceptions against policy and risk tolerance, and helping prioritize issues based on business and client impact.
  • Work closely with Information Security, Compliance, Legal, Infrastructure/Operations, Engineering, and Client-facing teams to clarify security and compliance requirements and ensure shared understanding of control expectations.
  • Participate in root-cause analysis and remediation planning for security findings, audit issues, client concerns, and control failures; help ensure corrective actions are risk-appropriate and sustainable.
  • Identify opportunities to streamline and automate compliance and security processes (e.g., evidence collection, reporting, configuration checks, access reviews) to improve consistency, coverage, and efficiency.
  • Contribute to training and awareness efforts by providing practical input on technical control topics (e.g., secure configuration, least privilege, patching expectations, documentation standards) for relevant audiences.

Benefits

  • Medical/Rx, dental, vision, disability, and life/AD&D insurance plans
  • Flexible Savings Account (FSA)
  • Health Savings Account (HSA)
  • Employee Assistance Plan (EAP)
  • Health advocacy
  • Voluntary ancillary plans (accident, critical illness, hospital indemnity, legal, identity theft, auto/home, and pet insurance)
  • 401(k) retirement savings plan with company match
  • Paid time off