Security And Compliance Specialist

Thematic

💵 $80k-$100k
📍 Remote - New Zealand

Job highlights

Summary

Join Thematic, a SaaS platform for customer feedback analysis, as a remote Security and Compliance Specialist based in New Zealand! This role focuses on managing security questionnaires, leading annual SOC2 compliance audits, and maintaining security policies and controls. The ideal candidate possesses strong experience in SOC2 compliance, excels in communication, and demonstrates a pragmatic approach to security. The position offers a competitive salary, flexible working hours, remote work options, and unique team-building activities. Part-time arrangements are possible. Thematic is a well-funded, profitable company working with major tech brands.

Requirements

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field
  • Minimum of 2 years of experience in managing or leading SOC2 compliance efforts, including preparation for audits and maintaining ongoing compliance
  • Proven track record of efficiently completing security questionnaires for SaaS or technology companies
  • Excellent verbal and written communication skills, with the ability to convey complex security and compliance concepts to diverse audiences
  • Exceptional attention to detail and accuracy in documentation and reporting
  • Strong analytical and problem-solving skills, with the ability to develop innovative solutions to complex compliance challenges

Responsibilities

  • Be the first point of communication for any security-related matters
  • Communicate with others via Slack and with external security teams via email / Zoom / Teams
  • Fill out security questions in a timely manner, and if necessary jump in after hours / on weekends for time-sensitive compliance projects
  • Collaborate with other teams to find answers, if necessary
  • Collaborate with other teams to ensure any requirements or changes to processes or infrastructure are implemented
  • Ensure the filling out of security forms is efficient and quick
  • Create artifacts that help the sales team communicate with external security teams, e.g. our AI Governance practices
  • Be the first point of contact for the SOC2 auditors
  • Lead our annual SOC2 compliance and review (around 8 weeks part-time)
  • Ensure we are following security practices necessary to pass SOC2 compliance in an efficient manner (throughout the year, depending on time available)
  • Use Confluence and Jira heavily, along with other tools required for evidence preparation
  • Strive to understand the business context and correlate the effort required for compliance initiatives with business impact
  • Review and maintain policy documents
  • Research and write policy documents and updates to existing documents as they are needed
  • Ensure controls are in place for compliance with policy documents
  • Monitor compliance throughout the year and work with other teams to ensure they remain compliant

Preferred Qualifications

  • Strong understanding of cloud infrastructure (e.g., AWS, Azure, GCP) and security best practices if security work is necessary
  • Demonstrated experience in designing and implementing scalable processes for evidence collection and management to support compliance initiatives
  • Experience working cross-functionally with various teams, such as IT, Legal, and Product, to ensure company-wide compliance with security standards

Benefits

  • Base salary of $80,000-$100,000 per year (negotiable, and depends on level of experience), plus employee stock options
  • Flexible working hours
  • Work remotely from anywhere in the world for 1-2 months a year
  • $400 per month towards a private or a shared office space (tax free)
  • Regular team activities
  • Weekly Friday sessions
  • Annual team retreat

Please let Thematic know you found this job on JobsCollider. Thanks! 🙏