The Security Compliance Specialist will be responsible for ensuring ongoing compliance with security frameworks and privacy regulations, including ISO 27001, SOC 2, NIST, CIS, GDPR, and related requirements. The role is focused on hands-on validation of security controls. The specialist will work closely with technical teams to analyze configurations and logs while supporting compliance requirements across frameworks.

The specialist will work closely with IT, Security, and GRC teams to maintain compliance posture, support internal and external audits, and contribute to continuous improvement of controls and processes. While primarily internally focused, this role may also involve responding to customer security questionnaires or supporting audit interactions. The position requires strong technical knowledge, familiarity with system administration, and the ability to use monitoring and log analysis tools such as Splunk to validate security controls.

Responsibilities
- Operate and maintain security compliance processes across ISO 27001, SOC 2, NIST, CIS, GDPR, and other relevant frameworks.
- Collect, analyze, and validate technical compliance evidence from systems, applications, and security platforms.
- Use SIEM and other monitoring tools to review logs, configurations, and control effectiveness.
- Support internal and external audits by preparing evidence, coordinating with stakeholders, and responding to auditor requests.
- Contribute to security control testing, system hardening reviews, and validation of technical baselines.
- Collaborate with internal stakeholders to ensure compliance requirements are integrated into operations and projects.
- Support responses to customer security questionnaires and due diligence requests as needed.
- Monitor changes in regulatory and framework requirements, recommending updates to controls or processes as required.
- Assist in developing metrics and reports on compliance status for leadership review.

Required Skills and Experience
- 3-5 years of experience in IT administration, security operations, or compliance roles.
- Understanding of at least two security frameworks and regulations: ISO 27001, SOC 2, NIST CSF, CIS, GDPR, and related privacy requirements.
- Experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, Elastic) for compliance and security validation.
- Experience working with or reviewing configurations in Windows, Linux, or cloud environments.
- Familiarity with common cybersecurity domains: access control, logging/monitoring, vulnerability management, and incident response.
- Experience preparing compliance evidence and supporting audits.
- Strong analytical and problem-solving skills, with attention to detail.
- Ability to collaborate effectively with internal stakeholders to achieve compliance objectives.
- Effective communication skills, with the ability to explain technical compliance evidence to non-technical stakeholders and, when required, to customers.
- Relevant certifications (e.g., CompTIA Security+, CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or SIEM certifications) are an advantage.
- English language fluency (written and spoken).

Key Technologies
- SIEM Platforms: Splunk, Microsoft Sentinel, QRadar, Elastic, or equivalent.
- System Administration: Windows Server, Active Directory, Linux, and cloud platforms (AWS, Azure, Oracle).
- Vulnerability & Compliance Tools: Qualys, Tenable, CIS benchmark tools, or equivalent.
- Other platforms: SharePoint, Confluence, ServiceNow.

Security Compliance Specialist
SYNTAX MÉXICO
Mexico, Mexico
Posted 7 days ago