Haystack
← Back to Jobs
Administrative

IT Security & Compliance Specialist

JSB Staffing Solutions, Pvt. Ltd.Williamsburg, VA🇺🇸United StatesPosted 10 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

A full-time job opportunity for a senior level IT Security & Compliance Specialist to spearhead security initiatives and governance frameworks. In this role, you will bridge the gap between high-level compliance and hands-on technical security engineering. You will manage our compliance pipelines, protect our fintech workflows, and champion a security-first culture across our entire organization.

This job is perfect for a proactive security professional who thrives in SaaS environments and loves securing cutting-edge tech ecosystems (including cloud, mobile, and AI).

 

Responsibilities:

●​ Lead and manage the end-to-end process of achieving and maintaining our SOC 2 compliance.

●​ Create, enforce, and govern comprehensive IT and Information security policies across the entire organization.

●​ Serve as the primary security liaison for enterprise clients, confidently answering complex security questionnaires and navigating financial audits.

●​ Interface directly with client security teams, respond to vendor security questionnaires, and optimize our IT Managed Service Provider (MSP) relationships to dictate how we best leverage them.

●​ Act as a hands-on security engineer to review and improve secure coding practices across our React and Node.js codebase, ensuring the safety of our fintech workflows.

●​ Manage and monitor DevSecOps tools like Snyk to catch vulnerabilities early in the CI/CD pipeline.

●​ Conduct internal penetration tests, review      Firebase/Firestore security rules, and rigorously develop disaster recovery plans.

●​ Design and execute vulnerability testing specifically for our AI features, running prompt injection tests against our LLMs and chat-bots to ensure data integrity.

●​ Take full ownership of company-wide security awareness training,      actively building an internal culture of vigilance and security awareness.

 

Required experience & skills:

●​ Experience managing/leading the end-to-end process of achieving and maintaining SOC 2 compliance, OR comparable/translatable audit and compliance frameworks (e.g., ISO 27001, HIPAA, PCI-DSS). — Recent experience preferred; minimum 5 years; multiple audits/renewals preferred.

●​ A proven background working within SaaS environments, with a strong preference for candidates experienced in logistics, supply chain, or short-haul trucking platforms (specifically dealing with truck routing and fleet dispatch).

●​ Proven experience serving as a primary security contact for medium to large enterprises.

●​ Strong exposure to secure processes for diverse, interconnected ecosystems across web, mobile, cloud infrastructure, and APIs.

 

Preferred deep hands-on software-security engineering is a bonus and not expected day one.

Next-Level Technical Requirements. . .

●​ Ability to work hands-on with React and Node.js codebases to implement secure coding practices.

●​ Direct experience with DevSecOps tools (e.g., Snyk), CI/CD pipelines, internal penetration testing, and Firestore/Firebase security rule governance.

●​ Experience or strong capability in running prompt injection tests and securing LLM-powered chatbots.

●​ Familiarity with cloud security, preferably within the Google Cloud Platform (Google Cloud Platform) and Firebase ecosystem.

●​ Familiarity with modern AI security frameworks, including protecting custom AI models and securing Model Context Protocol (MCP) servers.

Similar jobs