We are seeking a Compliance Auditor to ensure adherence to requirements of external certifications, internal policies, regulatory requirements and industry standards. Working directly in the Compliance team under Legal, and in parallel closely with RnD, this role involves supporting external assessments (SOC 2, ISO 27001, PCI-DSS and FedRAMP), conducting internal audits, responding to customer security inquiries, and enhancing compliance processes and security posture. The ideal candidate has experience in audit frameworks, risk management, and security controls, with strong analytical and cross-functional collaboration skills.
Key Responsibilities:
Assist with audits, such as: SOC 2, ISOs, PCI-DSS, and FedRAMP, including evidence collection and reporting.
Maintain documentation and evidence required for audits.
Conduct internal audits to assess compliance with company policies, regulatory frameworks and external certifications.
Ensuring company policies and procedures are maintained and implemented.
Drafting policies and procedures.
Assist in responding to customer security and privacy questionnaires.
Assist with compliance projects, such as: regulations compliance, and projects related to standards.
Assist with vulnerabilities management program.
Work with the Legal and Security teams to ensure policies align with compliance requirements.
Collaborate with Engineering and Product teams to implement compliance requirements.
Review third-party vendors for compliance with our requirements.
Requirements: 2+ years experience in compliance security/privacy audits (SOC 2, ISOs, PCI, etc) *strong considerations for candidates with experience in implementing FedRAMP.
Degree in Accounting, Law or Engineering.
At least 1 of the following certifications:
(1) Security certifications such as: CISSP, CCSP, CISM, CISO.
(2) Audit certifications such as: CISA, CRISC, ISO Lead Auditor.
(3) Privacy certifications such as CIPP, CIPM, CIPT.
Understanding of security controls and risk management.
Familiarity with cloud environments and architecture (AWS, GCP, Azure).
Familiarity with cloud security controls and best practices.
English- high level (speaking and writing)
Strong analytical and documentation skills. Familiarity with log observability technologies - an advantage.
Ability to work cross-functionally with platform engineering, security, and product teams.
This position is open to all candidates.