About Pathlock
Pathlock is a leader in application security, access governance, and compliance automation. Our cloud-based solutions help organizations secure critical applications, mitigate risk, and enforce policies across a diverse IT landscape.
About the Role
As a Security and Compliance Specialist, you will be responsible for maintaining our security posture, ensuring regulatory compliance, and managing our GRC program. This role requires a balance of technical expertise, regulatory knowledge, and strong communication skills to support our security initiatives across the organization.
Technical Skills Required
* Security Frameworks and Regulations: Comprehensive knowledge of ISO 27001, SOC, NIST, GDPR, and privacy frameworks
* Auditing and Compliance: Demonstrated experience conducting security audits and ensuring compliance with relevant regulations
* Data Privacy: Strong understanding of data privacy regulations and implementation of best practices
* Third-Party Risk Management: Experience managing vendor risk assessments and responding to customer due diligence requests
* GRC Tools: Hands-on experience working with and improving GRC platforms such as Drata or Vanta
* IT Infrastructure and Application Controls: Solid understanding of IT infrastructure elements including networks, operating systems, databases, and application controls
Core Competencies
* Communication Skills: Ability to explain complex concepts to technical and non-technical stakeholders
* Problem-Solving Skills: Analytical approach to identifying and resolving security and compliance issues
* Attention to Detail: Meticulous focus on accuracy and completeness in compliance documentation and processes
* Interpersonal Skills: Strong collaboration abilities with cross-functional teams and external stakeholders
* Flexibility: Willingness to support business needs across different time zones
* Organizational Skills: Excellent capability to manage multiple competing priorities effectively
Requirements
Must Have
* ISO 27001 experience as either an auditor or as part of the ISMS function
* Proficiency in speaking and reading English
* Practical experience working with and improving GRC tools such as Drata or Vanta
* Working knowledge of data privacy requirements
* Experience handling due diligence requests (security questionnaires and RFPs)
* Experience working with external and internal auditors
Nice to Have
* CISA (Certified Information Systems Auditor) certification
* CIPP (Certified Information Privacy Professional) certification
* Experience with cloud security certifications (AWS, Azure, GCP)
* Knowledge of additional regulatory frameworks (e.g., PCI DSS, CCPA)
* Experience implementing continuous compliance monitoring
Join our team and play a critical role in safeguarding our organization's information assets while ensuring we meet industry standards and regulatory requirements.
Why Join Pathlock?
* Opportunity to lead a cutting-edge cloud security platform.
* Work in a fast-paced, high-growth environment.
* Competitive compensation, benefits, and equity options.
* Collaborative and inclusive company culture.