Compliance Support Specialist

• Provide technical support for cybersecurity tools and technologies, ensuring operational effectiveness and timely issue resolution.
  
• Maintain security awareness training documentation for internal and client-facing audiences to promote cybersecurity best practices.
  
• Support clients' audit readiness by assisting with evidence collection, control testing, and remediation tracking.
  
• Assist clients with the setup and maintenance of GRC (Governance, Risk, and Compliance) tools, particularly Drata, including data migration, vendor module configuration, user management, and policy updates.
  

• Create, maintain, and update security policies, procedures, and compliance documentation to align with industry standards.
  
• Develop and maintain trackers for client purposes according to their internal policy requirements.
  
• Assist clients in completing Self-Assessment Questionnaires (SAQs), leveraging existing onboarding information, historical SAQs, and data housed within GRC platforms.
  
• Conduct periodic user access reviews across clients' systems and applications.
  
• Assist in preparing reports and documenting response actions.
  

• Partner with cybersecurity team members and cross-functional departments to implement and sustain security measures.
  
• Research and respond to clients' ad-hoc security inquiries, providing clear and actionable findings.
  
• Leverage internal tools to optimize workflows and drive efficiency in daily operations.
  

• Regularly assess and enhance client security postures, leveraging GRC platform features for control management, task assignment, and audit readiness activities.
  
• Operates autonomously, taking ownership of work and executing tasks ahead of deadlines with minimal oversight
  

Requirements

• Education: Bachelor's degree in Information Security, Computer Science, or a related field.
  
• Relevant certifications SEC+, CISA, or equivalent may be required.
  
• (CISSP, CISM, CRISC) are a plus.
  
• Experience: Minimum of 2-4 years of experience in cybersecurity, with a focus on compliance management and project management.
  
• Technical Skills: Proficiency in using Asana (or equivalent) for project management and Slack for effective communication.
  
• Familiarity with Drata or similar compliance management tools is highly desirable.
  
• Compliance Knowledge: Strong understanding of SOC 2 Type I and II, and ISO 27001 standards, controls, and assessment methodologies.
  
• Experience with other compliance frameworks (e.g., HIPAA, GDPR, NIST) is nice to have.
  
• Analytical Thinking: Ability to analyze and identify security risks, providing practical recommendations for mitigating those risks.
  
• Communication Skills: Excellent verbal and written communication skills in English, with the ability to convey technical concepts to both technical and non-technical stakeholders effectively.
  
• Collaboration: Proven ability to work collaboratively in a team environment, interacting with clients, internal teams, and third-party auditors or assessors (as needed).
  
• This role would not need to take external calls with clients (via Zoom etc.) but does need to be externally facing via Slack and email correspondence.
  
• Ability to work independently, remotely, with assigned tasks and deadlines, with minimal oversight.
  
• Attention to Detail: Meticulous and thorough approach to work, ensuring accuracy in documentation, reporting, and compliance activities.
  
• Adaptability: Ability to thrive in a fast-paced and rapidly changing environment, managing multiple projects simultaneously and meeting deadlines.
  

Benefits

✔Competitive salary

✔ Prepaid medicine

✔ Life insurance

✔ Birthday day off.

✔ Indefinite-term labor contract, with all legal benefits.