Security Compliance Specialist (Remote - United States)

Sayari is the transparency company providing the public and private sectors with immediatevisibility into complex commercial relationships by delivering the largest commercially available collection of corporate and trade data as a dynamic model of global ownership and trade activity. Sayari’s solutions harness this model to enable risk resilience, complex investigations, and clear-eyed business decisions. Sayari is headquartered in Washington, D.C., and its solutions are used by thousands of frontline analysts in over 35 countries.

Our company culture is defined by a dedication to our mission of using open data to enhance visibility into global commercial and financial networks, a passion for finding novel approaches to complex problems, and an understanding that diverse perspectives create optimal outcomes. We embrace cross-team collaboration, encourage training and learning opportunities, and reward initiative and innovation. If you like working with supportive, high-performing, and curious teams, Sayari is the place for you.

Sayari’s flagship product, Sayari Graph, provides instant access to structured global business information from hundreds of millions of corporate, legal, and trade records. We adhere to US and relevant international laws and believe that publicly available information is inherently public. As a member of Sayari’s Security team you will ensure compliance with information security and data privacy related obligations imposed by laws, regulations, standards, contracts, and policies with a focus on those applicable in the US. This role will be instrumental in developing and implementing data protection standards and adoption requirements across the organization.

You will work with our Data, Product, and Software Engineering teams to understand how our products are built, maintained, and secured. With this knowledge, you’ll analyze US regulatory frameworks and standards, such as FedRAMP requirements, CMMC 2.0 mandates under DFARS, and SOC 2 guidelines, to determine actionable steps required to ensure compliance. You will enforce data governance practices, inquire legal counsel when necessary, and prepare actionable reports concerning compliance gaps.

You will continuously advise on information security and privacy compliance matters, assist with collecting audit evidence of implemented compliance controls, and assist with the drafting, review, and implementation of information security and privacy documentation.

• Perform risk assessments based on industry standard frameworks and communicate results to influence the roadmap
• Continuously monitor and stay informed of current and upcoming security regulations, standards, and applicable frameworks
• Collaborate with IT as necessary to streamline all aspects of compliance processes via system integrations, automation, and AI
• Prepare, plan, and coordinate third-party security compliance audits including evidence collection
• Respond to customer security questionnaires
• Facilitate independent security assessments and coordinate third-party penetration tests
• Promote a culture of security & data privacy awareness throughout the organization
• Help maintain Sayari’s security awareness programs and ensure engineering teams stay informed of security threats and best practices
• Management of the ISMS with high attention to detail and exceptional organization
• Manage relationships with vendors and audit their security program

• Minimum of 6 years of professional experience participating in information security audits including SOC 2 and FedRAMP
• Thorough familiarity with NIST 800-53, NIST 800-171, and NIST Cybersecurity Framework
• Experience responding to customer questionnaires regarding information security and data privacy
• Experience reviewing technical information and data privacy requirements from customers, vendors, and government regulations
• Experience performing internal security and data privacy audits to assess security maturity, communicate findings well in advance of external audits, and ensure responsible departments follow through with improvements
• Experience using a continuous compliance monitoring tool such as Vanta, Drata, etc. to track compliance with multiple frameworks and regulations
• Ability to comprehend penetration tests, vulnerability scan results, and track progress of remediations
• Excellent organization and professional writing capability with strong communication and presentation skills