Original listing text, shown exactly as published by the company.
About the Role
We're looking for an experienced IT & Compliance Specialist to own and scale the company's security compliance program while managing internal IT operations. This is a high-impact role responsible for maintaining SOC 2 compliance, strengthening security controls, and ensuring internal systems remain secure and audit-ready.
You will work closely with Engineering, Operations, and Leadership, serving as the primary owner of compliance initiatives and day-to-day IT operations. You will be supported by the CTO and a part-time consultant who brings deep SOC 2 and MDM expertise, but the day-to-day ownership is yours.
The compliance program is already in place. What we need is someone to take it seriously, stay on top of it, and make sure nothing slips. If anything being slightly out of place genuinely bothers you, you will fit right in here.
Key Responsibilities
SOC 2 Compliance (Primary Priority)
- Own and maintain the SOC 2 compliance program, including continuous monitoring, audit readiness, evidence collection, and control tracking
- Administer Vanta as the primary compliance automation platform; it needs work, and cleaning it up is part of the job. You will have CTO time and a part-time consultant to help you navigate it
- Conduct regular access reviews across all systems and ensure documentation is complete and accurate
- Facilitate tabletop exercises (scenario-based drills covering events like AWS regional outages, cyber incidents, or availability failures): planning, running, and capturing outcomes
- Manage vendor relationships: own the Vanta contract, pentester engagements, and third-party security assessments
- Develop, maintain, and improve information security policies, procedures, and documentation
Device Fleet & MDM
- Take ownership of corporate device management across a mixed fleet of macOS, Linux (Ubuntu and variants), and Windows machines
- Implement centralized MDM controls: encryption, anti-malware, endpoint detection, and remote management across all corporate devices
- Establish and enforce a BYOD policy for employees and contractors who use personal hardware for work
- Ensure every device is properly enrolled and meets compliance requirements before an employee is operational on day one
- Build repeatable onboarding and offboarding processes so access and device controls are never an afterthought
Cloud & AWS Compliance
- Maintain security hygiene in AWS: IAM roles, Identity Center, GuardDuty, AWS Config, and access reviews
- Identify and remediate overly permissive roles, stale credentials, and misconfigured controls
- Collaborate with engineers to resolve vulnerabilities and apply patches; you will need strong working relationships with the technical team in Caxias do Sul
- Support cloud-related evidence collection for SOC 2 controls
IT Operations & Access Management
- Own IT onboarding and offboarding: provisioning, deprovisioning, and access controls so nothing falls through the cracks
- Manage access across Google Workspace, Slack, GitHub, Rippling, AWS Identity Center, and other core tools
- Serve as the primary internal IT resource and respond to urgent issues as they arise
Requirements
- 3+ years of experience in IT, Security, Compliance, or related roles within a SaaS company, startup, or high-growth technology environment
- Proven hands-on experience managing SOC 2 Type I and/or Type II compliance programs
- Direct experience with Vanta specifically, not just compliance platforms in general, including interpreting findings and driving remediation
- Experience managing devices across macOS, Linux, and Windows using MDM solutions such as JumpCloud, Jamf, Kandji, or similar
- Working knowledge of AWS security and governance: IAM, Identity Center, GuardDuty, AWS Config, and access best practices
- Strong understanding of identity and access management, MFA, encryption, endpoint security, and audit controls
- Detail-oriented to a fault: if a control is slightly incomplete or an access review has a gap, you catch it before the auditor does
- Professional English communication skills (C1 or higher) for daily collaboration with the US-based CTO and leadership team
- Execution-focused and detail-oriented: the CTO and a part-time consultant will support you, but the day-to-day compliance work needs someone who follows through completely, not someone who needs the work defined for them at every step
- Comfortable in a fast-moving startup environment where you are the only person whose main job is compliance
Preferred Qualifications
- Scripting experience (Python preferred) for automating compliance checks, IT workflows, or ITSM-style processes; we use Linear, not Jira, but the mindset is the same
- Experience with AI tools such as Claude or ChatGPT applied to real compliance or IT operations workflows
- Familiarity with tools in our stack: Google Workspace, Slack, GitHub, Rippling, Linear, AWS Identity Center
- Some experience owning vendor contracts or working directly with pentesters and external security assessors
- Prior experience working with or at a US-headquartered company with a Brazilian engineering team
- Certifications such as CompTIA Security+, AWS Security, or SOC 2-related credentials are a plus but not required
Success in the First 3–6 Months
First 60 Days
- Every open finding in Vanta has a clear owner and remediation timeline
- The device fleet is fully inventoried: what is enrolled, what is not, and what needs to happen
- You have built working relationships with the technical team in Caxias do Sul and know who to go to when vulnerabilities need patching
- The top AWS hygiene issues are identified and a remediation plan is presented to the CTO
Six Months In
- SOC 2 evidence is gathered continuously, not assembled in a panic before an audit
- Every corporate device is enrolled in MDM with encryption, anti-malware, and remote management in place
- A BYOD policy exists and is actively followed
- Access reviews happen on schedule with clean documentation
- At least one tabletop exercise has been facilitated and the team knows how to respond to a real incident
Compensation & Logistics
- Hybrid role based in Rio Grande do Sul, Brazil, Caxias do Sul strongly preferred; Porto Alegre and surrounding areas are also welcome
- Travel to Caxias do Sul is expected, especially in the first months; occasional travel to Rio de Janeiro may also be required
- Significant overlap with US Pacific Time hours for daily collaboration with the CTO and leadership
- Equity package
- Flexible PTO policy
- Mental health benefits
- Fitness allowance
- Learning and professional development budget
- Home office and workspace allowance
Company Overview
Our client is an AI-powered demo engineering platform that helps software companies run live, hands-on sandboxes and demos for enterprise buyers. We recently closed our Series A and launched three new products: a Data Generator for realistic synthetic data, a Surface Editor for instant demo personalization, and a Sandbox Copilot, a 24/7 AI Sales Engineer embedded inside every sandbox.
Job description created by latamcent.com, a nearshore staffing agency.