Security Compliance Specialist; m​/f​/d

Syntax is a leading Managed Cloud Provider for Mission Critical Enterprise Applications and has been providing comprehensive technology solutions to businesses of all sizes since 1972. Syntax has undisputed strength to implement and manage ERP deployments (Oracle, SAP) in a secure and resilient private, public or hybrid cloud. With strong technical and functional consulting services, and world‑class monitoring and automation, Syntax serves some of North America’s largest corporations across a diverse range of industries.

Syntax has offices worldwide, and partners with Oracle, SAP, AWS, Microsoft, IBM and other global technology leaders.

The Security Compliance Specialist will be responsible for ensuring ongoing compliance with security frameworks and privacy regulations, including ISO 27001, SOC 2, NIST, CIS, GDPR, and related requirements. This is a hands‑on technical role requiring the ability to gather, analyse, and validate compliance evidence from IT systems, applications, and security tools.

The specialist will work closely with IT, Security, and GRC teams to maintain compliance posture, support internal and external audits, and contribute to continuous improvement of controls and processes. While primarily internally focused, this role may also involve responding to customer security questionnaires or supporting audit interactions. The position requires strong technical knowledge, familiarity with system administration, and the ability to use monitoring and log analysis tools such as Splunk to validate security controls.

• Operate and maintain security compliance processes across ISO 27001, SOC 2, NIST, CIS, GDPR, and other relevant frameworks.
• Collect, analyse, and validate technical compliance evidence from systems, applications, and security platforms.
• Use SIEM and other monitoring tools to review logs, configurations, and control effectiveness.
• Support internal and external audits by preparing evidence, coordinating with stakeholders, and responding to auditor requests.
• Contribute to security control testing, system hardening reviews, and validation of technical baselines.
• Collaborate with internal stakeholders to ensure compliance requirements are integrated into operations and projects.
• Support responses to customer security questionnaires and due diligence requests as needed.
• Maintain documentation of compliance processes, evidence repositories, and audit history.
• Monitor changes in regulatory and framework requirements, recommending updates to controls or processes as required.
• Assist in developing metrics and reports on compliance status for leadership review.

• 5–7 years of experience in IT administration, security operations, or compliance roles.
• Strong understanding of security frameworks and regulations: ISO 27001, SOC 2, NIST CSF, CIS, GDPR, and related privacy requirements.
• Hands‑on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, Elastic) for compliance and security validation.
• Background in IT system administration (Windows, Linux, or cloud environments) with knowledge of security controls and configuration.
• Familiarity with common cybersecurity domains: access control, logging/monitoring, vulnerability management, and incident response.
• Experience preparing compliance evidence and supporting audits.
• Strong analytical and problem‑solving skills, with attention to detail.
• Ability to collaborate effectively with internal stakeholders to achieve compliance objectives.
• Effective communication skills, with the ability to explain technical compliance evidence to non‑technical stakeholders and, when required, to customers.
• Relevant certifications (e.g., CompTIA Security+, CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or SIEM certifications) are an advantage.
• English language fluency (written and spoken).

• SIEM Platforms:
  Splunk, Microsoft Sentinel, QRadar, Elastic, or equivalent.
• System Administration:
  Windows Server, Active Directory, Linux, and cloud platforms (AWS, Azure, Oracle).
• Vulnerability & Compliance Tools:
  Qualys, Tenable, CIS benchmark tools, or equivalent.
• Other platforms:
  SharePoint,…