GRC & Compliance Specialist - Cloud & Audit Programs

We are looking for a technically proficient and audit-savvy Compliance Specialist to strengthen our PCI and SOC programs. This role will solve for key gaps in technical control implementation, cloud environment understanding, audit automation, and end-to-end SOC program execution.

You will bring strong execution skills, audit experience, and the ability to work cross-functionally with engineering, DevOps, and risk teams to build a scalable, automation-first compliance program.

Key Responsibilities

1. Technical Compliance Implementation

• Develop a strong control framework based on ISO 27001, PCI, SOC 1, and SOC 2 standards, and implement it across the organization. This includes setting up processes to continuously monitor, assess, and improve technical and process controls.
• Review, collaborate to build and audit technical controls across AWS environments (IAM, CloudTrail, Config, S3, RDS, etc.)
• Translate compliance requirements (ISO 27001 , PCI DSS, SOC 1, SOC 2) into actionable engineering controls
• Support secure configuration, logging, encryption, and access management reviews in collaboration with CloudOps
• Build a process to track, investigate, and manage compliance issues driving timely remediation and documentation.
  

2. PCI Program Execution

• Own day-to-day Control Monitoring activities across PCI DSS (evidence gathering, control testing, remediation tracking)
• Support annual assessments with QSAs and coordinate stakeholders
• Drive automation for audit evidence using tools like AWS Config, Security Hub, or platforms like Drata/Vanta and others

3. ISO 27001 , SOC 1 & SOC 2 Program Management

• Work closely with various departments (e.g., Engineering, Security, Cloud) to ensure audit controls are well communicated, clearly understood, and effectively implemented across relevant systems and processes.
• Act as the project coordinator for ISO and SOC audits, working with internal control owners and external auditors
• Maintain updated audit artifacts and documentation across audit periods

• Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
  Track remediation items and support testing of effectiveness

4. Audit Automation & Optimization

• Build compliance evidence pipelines and automate control testing/reporting where possible
• Integrate compliance monitoring into CI/CD pipelines and cloud asset inventory
• Support adoption and optimization of compliance platforms (e.g., Drata, Vanta, Wiz, or Prisma Cloud)

5. Documentation & Policy Management

• Maintain and enhance policies, SOPs, control descriptions, and test plans
• Collaborate with the compliance manager to operationalize new frameworks and updates