Product Security Compliance Specialist – SOC 2 / SaaS

Smith Arnold Partners

St. Louis · Hybrid · Full-time · Senior · $135k – $155k/yr · Today

About the role

Most companies treat SOC 2 as a once-a-year exercise. This team treats it as part of how they operate.

We are looking for someone who understands how to run product security compliance the right way—structured, audit-ready, and aligned with how modern SaaS environments actually function. This is a visible role supporting multiple product lines, where you’ll work directly with product security, engineering, and leadership to ensure controls are not only in place—but stand up under scrutiny.

You’ll be the one connecting product security, engineering, and leadership—making sure what’s documented actually reflects what’s happening in the environment. If you’re the kind of person who actually enjoys the audit process—who knows where evidence lives, what auditors really look for, and how to keep everything moving without chaos, you would be an ideal fit for this opportunity.

You’re not isolated in a compliance function—you’re working directly with product and engineering teams. There’s real ownership here—you’re influencing how compliance is executed, not just maintaining it. The environment is complex enough to be interesting (multiple frameworks, multiple products), but structured enough to succeed. Your work directly impacts external trust, audit outcomes, and risk posture.

Responsibilities

  • Leading SOC 2 evidence collection across SaaS products and supporting additional frameworks (ISO 27001, CRA, CSA STAR)
  • Managing control documentation, ownership, and audit readiness across business units
  • Acting as the primary point of contact for audit requests and follow-ups
  • Driving remediation efforts—tracking issues through resolution and holding teams accountable
  • Building and maintaining reporting dashboards around control health, audit readiness, and remediation status
  • Supporting gap assessments and helping strengthen overall compliance posture

Ideal experience

  • 4+ years in SOC 2, IT audit, or product/security compliance within SaaS or cloud environments
  • Hands-on experience managing evidence collection and supporting audits end-to-end
  • Scripting experience with PowerShell
  • Strong understanding of control frameworks and risk remediation practices
  • Experience working with GRC tools (ServiceNow, Archer, Drata, Vanta, OneTrust, etc.)
  • Ability to work across teams and keep initiatives moving without constant escalation
  • Solid understanding of SDLC and cloud-based environments

Why work here?

  • They invest in their people via training
  • They allow you the independence to do your job without looking over your shoulder.
  • Supportive. Good benefits. Nice culture to work in. Great people.

Skills

AWS, CSA STAR, CRA, Drata, GRC, ISO 27001, OneTrust, PowerShell, SaaS, SDLC, ServiceNow, SOC 2, Vanta
