Security Compliance Specialist (Remote, UK)

About Sayari: Sayari is the counterparty and supply chain risk intelligence provider trusted by government agencies, multinational corporations, and financial institutions. Its intuitive network analysis platform surfaces hidden risk through integrated corporate ownership, supply chain, trade transaction and risk intelligence data from over 250 jurisdictions. Sayari is headquartered in Washington, D.C., and its solutions are used by thousands of frontline analysts in over 35 countries.
Our company culture is defined by a dedication to our mission of using open data to enhance visibility into global commercial and financial networks, a passion for finding novel approaches to complex problems, and an understanding that diverse perspectives create optimal outcomes. We embrace cross-team collaboration, encourage training and learning opportunities, and reward initiative and innovation. If you like working with supportive, high-performing, and curious teams, Sayari is the place for you.
POSITION DESCRIPTIONSayari’s flagship product, Sayari Graph, provides instant access to structured global business information from hundreds of millions of corporate, legal, and trade records. We adhere to US and relevant international laws and believe that publicly available information is inherently public. As a member of Sayari's Security team you will ensure compliance with information security and data privacy related obligations imposed by laws, regulations, standards, contracts, and policies. This role will be instrumental in developing and implementing data protection standards and adoption requirements across the organization.
You will work with our Data, Product, and Software Engineering teams to understand the data we have and how it’s processed. With this knowledge, you’ll analyze global laws and regulations, such as GDPR and EU Member State derogations, to determine actionable items required to ensure compliance. You will enforce data governance practices, inquire legal counsel when necessary, and prepare reports concerning compliance gaps.
During compliance audit cycles you will advise on information security and privacy compliance matters, assist with collecting audit evidence of implemented compliance controls, and assist with the drafting, review, and implementation of information security and privacy policies.

Job Responsibilities

• Create and maintain security policies, standards, procedures and guidelines
• Oversee and ensure the company’s data privacy practices align with applicable data protection laws, including GDPR (EU), CCPA (US), and other national or international regulations.
• Prepare, plan, and coordinate third-party security compliance audits
• Respond to customer security questionnaires
• Provide guidance on data protection requirements across the organization.
• Facilitate independent security assessments and coordinate third-party penetration tests
• Promote a culture of security &  data privacy awareness throughout the organization.
• Help maintain Company's security awareness programs and ensure engineering team stay informed of top security risks and best practices 
• Lead investigations into potential data breaches, ensuring timely resolution and compliance with notification requirements.
• Audit and measure security program maturity
• Management of the ISMS with high attention to detail and exceptional organization
• Triage security issues and provide recommended solutions 
• Monitor security and data privacy certifications and company compliance requirements
• Manage relationships with vendors and audit their security program

Required Skills & Experience

• Minimum of 2 years of professional experience  ensuring compliance with global data privacy laws and regulations i.e. GDPR, ISO 27018, ISO 27701, Data Privacy Framework, etc.
• Minimum of 4 years of professional experience participating in one or more external information security and/or data privacy compliance audits i.e. SOC 2, ISO 27018, ISO 27001, ISO 27701, etc.
• Experience responding to customer questionnaires regarding information security and data privacy
• Experience reviewing technical information and data privacy requirements from customers, vendors, and government regulations
• Familiarity with data protection technologies and risk management strategies.
• Experience performing internal security and data privacy audits to assess security maturity and provide recommendations prior to external audits
• Experience using a continuous compliance monitoring tool such as Vanta, Drata, etc. to track compliance with multiple frameworks and regulations
• Ability to comprehend penetration test and vulnerability scan results
• Startup experience, or alternatively a multifaceted skillset 
• Excellent organization and professional writing capability with strong communication and presentation skills

Benefits:·       A collaborative, fun  and positive culture - you will be part of a successful team passionate about the mission and driving business growth ·       Outstanding competitive compensation package ·       Performance and incentive bonuses ·       Exceedingly generous vacation leave, parental leave, floating holidays, flexible schedule, & other remarkable benefits·       Eligibility to participate in our UK pension plan with a company-sponsored match·       A strong commitment to diversity, equity, and inclusion·       Limitless growth and learning opportunities·       Conference & Continuing Education Coverage ·       Team building events & opportunities