Security and Compliance Specialist

We are looking for a highly skilled Security and Compliance Specialist to drive the company’s security and compliance initiatives across our multi-cloud environments and services. This is a technical, hands-on role responsible for securing applications, IT infrastructure, customer data, and employee endpoints while ensuring compliance with industry standards. The role also includes leading audits (ISO 27001, SOC 2 Type 2), regulations like GDPR and HIPPA, supporting customer security inquiries, and assisting the field departments (sales, marketing) with security-related needs. 

Key Responsibilities: 

Security Implementation: 

• Implement security across multi-cloud environments (GCP, AWS, Azure) covering applications, DevSecOps-oriented, IT systems, and endpoints. 

• Continuously remediate vulnerabilities. 

• Assist with incident response efforts, including root cause analysis and the implementation of remediation plans. 

Cloud Security: 

• Oversee the security posture in multi-cloud environments (AWS, GCP, Azure) and services (such as Snowflake, MongoDB, Auth0 and others). 

• Familiarity with SIEM, CSPM and DSPM systems, SAST, DAST and CI/CDs. 

Vendor and Corporate Security Assessment: 

• Perform security assessments of third-party vendors and partners to ensure compliance with corporate security standards. 

• Implement vendor management processes to maintain security controls and compliance across all third-party relationships. 

Customer Security Support: 

• Answer customer security-related questions and assist in responding to RFPs and security questionnaires. 

• Support field departments (sales, marketing, etc.) by addressing security concerns, creating customer-facing security documentation, and maintaining a knowledge base with answers to common security inquiries. 

Data Security and Privacy: 

• Protect customer data, including PII, using encryption, DLP strategies, and access controls. 

• Enhance email security controls such as DMARC, DKIM, and SPF to protect against phishing and email fraud. 

Compliance and Auditing: 

• Experience with security audits such as ISO 27001, SOC 2, and ensure compliance with global regulations (GDPR, HIPAA, etc.). 

• Conduct penetration tests and vulnerability assessments, implementing remediation strategies based on findings. 

Qualifications: 

Experience: 

• 3+ years in security roles, with at least 2 years in cloud security and compliance. 

• Expertise in SIEM, CSPM, DSPM , DLP, SAST, DAST, and encryption tools.

• Experience with cloud-based SaaS platforms (B2B). 

• Proven experience managing security audits (ISO 27001, SOC 2) and overseeing penetration tests. 

• Experience responding to customer security inquiries and supporting sales and marketing teams. 

Technical Skills: 

• Proficient in cloud security practices across AWS, GCP, and/or Azure. 

• Strong knowledge of email security controls such as DMARC, DKIM, and SPF. 

• In-depth understanding of security technologies like IAM, VPN, firewalls, IDS/IPS,  and encryption. 

• Experience with integrating security into CI/CD pipelines through DevSecOps practices. 

• Familiarity with endpoint management and device security tools. 

Certifications (preferred): 

• CCSP, CISSP, CISM, CISA, or similar security certifications. 

• Cloud security certifications (AWS Certified Security Specialty, Google Professional Cloud Security Engineer, etc.). 

Soft Skills: 

• Strong leadership, communication, and documentation skills. 

• Ability to collaborate with cross-functional teams and handle customer-facing tasks. 

• Analytical mindset and problem-solving abilities. 

Why Join Us? 

In this role, you will play a key part in safeguarding our company’s assets, supporting customer security needs, and ensuring compliance with the highest standards. You’ll lead security strategies in a dynamic SaaS environment and contribute to the company’s continued success and growth.