Interface AI
Senior Compliance Specialist
Job Summary
The role of Senior Compliance Specialist involves leading critical compliance and risk initiatives within a cloud-native infrastructure, with a focus on regulatory standards such as SOC 2, ISO 27001, and PCI DSS. The position requires deep expertise in AWS security and compliance frameworks, managing external audits, vendor risk assessments, and internal controls. Candidates should have extensive experience in compliance, risk management, and cloud security, along with strong communication skills. The role demands cross-functional collaboration with engineering, DevOps, legal, and product teams to ensure regulatory adherence and security best practices.
Required Skills
Job Description
interface.ai is the industry's-leading specialized AI provider for banks and credit unions, serving over 100 financial institutions. The company's integrated AI platform offers a unified banking experience through voice, chat, and employee-assisting solutions, enhanced by cutting-edge proprietary Generative AI.
Our mission is clear: to transform the banking experience so every consumer enjoys hyper-personalized, secure, and seamless interactions, while improving operational efficiencies and driving revenue growth.
interface.ai offers pre-trained, domain-specific AI solutions that are easy to integrate, scale, and manage, both in-branch and online. Combining this with deep industry expertise, interface.ai is the AI solution for banks and credit unions that want to deliver exceptional experiences and stay at the forefront of AI innovation.
.Experience : 6-8 Years
As a Senior Compliance Specialist, you will lead and manage critical compliance and risk initiatives across our cloud-native infrastructure. You will be instrumental in developing and strengthening internal controls, ensuring regulatory compliance, and lead third party audits involving various frameworks including SOC 2, ISO 27001, and PCI DSS. Your deep understanding of AWS cloud environments is essential to support secure and compliant operations at scale.
Responsibilities:
- Lead and manage compliance external audits including SOC 2, ISO 27001, and PCI DSS
- Lead the Vendor risk assessment and due diligence programs with respect to Vendor onboarding
- Participate in risk assessments, gap analysis, and internal control reviews.
- Oversee and maintain the Infrastructure Vulnerability Management program and external penetration tests
- Map and correlate different compliance frameworks and standards, understanding their underlying principles and interconnections
- Draft, maintain, and enforce security and compliance policies aligned with SOC 2, PCI DSS, and ISO 27001 requirements.
- Ensure regulatory compliance with U.S. federal financial regulations, including GLBA and other relevant mandates and raise any identified red flags
- Manage the compliance management platform and document period evidence required for various external audits.
- Work cross-functionally with Engineering, DevOps, Product, and Legal teams.
- Conduct Security Awareness campaigns and periodic phishing campaigns as required
- Skill in using prompt engineering techniques to enhance productivity, drive efficiency, and decision-making with generative AI tools.
Qualifications:
Mandatory
- 6–8 years of progressive experience in compliance, information security, or risk management roles within SaaS or cloud-native environments.
- Deep understanding in AWS architecture and services, especially in the context of security and compliance.
Proven experience implementing and managing controls aligned with: - SOC 2 Trust Services Criteria
- PCI DSS v4.0
- NIST 800-53
- Strong experience in developing ITGCs and auditing technical controls in the cloud.
- Working knowledge or certification in ISO/IEC 27001 & ISO 27002.
- Demonstrated success managing compliance audits end-to-end.
- Ability to learn quickly and synthesize complex standards and regulatory texts into actionable insights
- Strong documentation, communication, and stakeholder coordination skills is a must.
- Experience working in Startups
Preferred:
- Additional certifications such as CISA, CISM, CISSP, or CCEP are a plus.
- AWS Certified Cloud Practitioner (AWS CCP)
- Experience or understanding of GLBA and other U.S. federal regulations applicable to financial institutions.
At interface.ai, we are committed to providing an inclusive and welcoming environment for all employees and applicants. We celebrate diversity and believe it is critical to our success as a company. We do not discriminate on the basis of race, color, religion, national origin, age, sex, gender identity, gender expression, sexual orientation, marital status, veteran status, disability status, or any other legally protected status. All employment decisions at Interface.ai are based on business needs, job requirements, and individual qualifications. We strive to create a culture that values and respects each person's unique perspective and contributions. We encourage all qualified individuals to apply for employment opportunities with Interface.ai and are committed to ensuring that our hiring process is inclusive and accessible.
Interface AI
Interface AI is the industry's-leading specialized AI provider for banks and credit unions, serving over 100 financial institutions. The company's integrated AI platform offers a unified banking experience through voice, chat, and employee-assisting solutions, enhanced by cutting-edge proprietary Generative AI
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.