Sr. Security Compliance Specialist
Avalara, Inc.
Chennai, India | ₹40,000–₹130,000/mo (≈ AED 1.8K-5.7K/mo) | Today
India, IT Audit, IT Security, IT Risk Management, Application Security, Business Continuity, Disaster Recovery, Data Privacy, Regulatory Compliance, Verbal Communication, Written Communication, Systemic Risk Analysis, Technical Controls, Vendor Risk Management, Risk Management Platforms, Organizational Skills, Full Time
Skills Required
Communication
Job Description
Role Overview:
You will support the build-out of technical SOX controls, collaborating with Security, engineering, finance, and IT to document and test controls across key systems. Additionally, you will assist in technology risk assessments to identify gaps against IPO-readiness benchmarks and help drive IT General Controls implementation, application controls, and report testing by coordinating with internal teams and external auditors. Working with cross-functional teams, you will develop process flows, SOPs, and runbooks for key controls. Furthermore, you will partner with all stakeholder teams to track control ownership, remediation efforts, and evidence collection. Your responsibilities will also include coordinating the documentation and migration of control information into Avalara's GRC platform. You will proactively engage in multiple simultaneous projects with internal and external stakeholders to support strategic security and compliance objectives. Additionally, you will assist with the performance of ad hoc risk and compliance assessments as needed.
Key Responsibilities:
- Support the build-out of technical SOX controls
- Assist in technology risk assessments
- Drive IT General Controls implementation
- Coordinate with internal teams and external auditors
- Develop process flows, SOPs, and runbooks for key controls
- Track control ownership, remediation efforts, and evidence collection
- Coordinate the documentation and migration of control information into Avalara's GRC platform
- Engage in multiple simultaneous projects
- Assist with ad hoc risk and compliance assessments
Qualifications Required:
- Bachelor's degree in Information Technology, Computer Science, or equivalent experience
- 5+ years of experience in IT Audit, IT Security, or IT Risk Management
- Proven experience conducting systemic risk analysis in complex technical environments
- Familiarity with standards and frameworks such as ISO 27001, SOC 1, SOC 2, SOX, NIST, etc.
- Strong understanding of application security principles
- Deep knowledge of technical controls
- Experience working with business continuity, disaster recovery, vendor risk management, data privacy, and regulatory compliance
- Skilled in identifying business risks and evaluating trade-offs between technical and business objectives
- Experience with risk management platforms (e.g., ServiceNow GRC) is a plus
- Highly self-motivated, proactive, and capable of managing concurrent priorities with minimal supervision
- Strong organizational, planning, verbal, and written communication skills