Security Compliance Specialist

About Semrush

We are Semrush, a global Tech company developing our own product – a platform for digital marketers. This is your chance to be a part of it!

Your Role as a Security Compliance Specialist

As a Security Compliance Specialist, you will be a key member of our Security Compliance Team, ensuring our operations align with critical industry standards and customer expectations.

Compliance Operations (PCI DSS / ISO 27001 / SOC 2)

• Perform day-to-day operational support of PCI DSS, ISO 27001, and SOC 2 programs.
• Track and maintain compliance evidence, control status, and recurring activities.
• Coordinate internal control owners to collect, review, and validate evidence.
• Support audit readiness and ongoing compliance posture between audit cycles.
• Maintain and update policies, procedures, and compliance documentation.
• Monitor deadlines, follow up on open items, and ensure timely completion.

Customer & Business Support

• Respond to customer security questionnaires and due diligence requests.
• Communicate compliance posture, controls, and limitations to customers via email.
• Participate in customer calls or meetings to clarify security and compliance topics when needed.
• Coordinate with Sales and Customer Success on deal-related compliance questions.
• Provide timely status updates and communicate delays or risks to stakeholders.

Request Management & Operations

• Intake, prioritize, and track incoming compliance and security requests.
• Manage requests through defined workflows.
• Ensure end-to-end ownership of requests until closure.
• Escalate issues and risks when required.

Process & Documentation Support

• Execute and maintain existing compliance processes.
• Update and manage documentation, templates, and standard responses.
• Identify recurring issues and propose incremental process improvements.
• Maintain Knowledge Base content related to compliance and security.

Cross-Functional Coordination

• Work closely with Security, Legal, IT, Automation, Sales, and CS teams.
• Align compliance responses with approved policies and risk positions.
• Support consistent and accurate messaging across teams.

Who We Are Looking For

• 2–5+ years of experience in compliance, security operations, or related field.
• Practical knowledge of at least one major compliance framework (PCI DSS, ISO 27001, SOC 2).
• Experience supporting day-to-day compliance operations, including evidence collection, control tracking, and audit readiness.
• Ability to interpret control requirements and map them to internal systems and processes.
• Experience handling customer security questionnaires and due diligence requests.
• Experience maintaining and updating policies, procedures, and compliance documentation.
• Ability to clearly communicate compliance posture, controls, and limitations to both technical and non-technical audiences.
• Professional English proficiency (written and spoken).
• Strong ownership and accountability; ability to work independently without constant supervision.
• Ability to manage multiple requests, prioritize effectively, and meet deadlines.
• Highly organized, detail-oriented, and reliable.
• Pragmatic and solution-oriented mindset.
• Comfortable working cross-functionally and balancing structured processes with ambiguity.
• High integrity and discretion when handling sensitive information.

What We Offer

• Flexible working hours.
• Unlimited PTO.
• Flexi Benefit for your hobby.
• Employee Support Program.
• Loss of family member financial aid.
• Employee Resource Groups.
• Meals, snacks, and drinks at the office.
• Corporate events and teambuilding.
• Training, courses, and conferences.

A Little More About Our Company

Semrush is a leading online visibility management SaaS platform that enables businesses globally to run search engine optimization, pay-per-click, content, social media and competitive research campaigns and get measurable results from online marketing. We've been developing our product for 17 years and have been awarded G2's Top 100 Software Products, Global and US Search Awards 2021, Great Place to Work Certification, Deloitte Technology Fast 500 and many more. In March 2021 Semrush went public and started trading on the NYSE with the SEMR ticker. 10,000,000+ users in America, Europe, Asia, and Australia have already tried Semrush, and over 1,700 people around the world are working on its development. The Semrush team is constantly growing.

Key skills/competency

• PCI DSS
• ISO 27001
• SOC 2
• Security Compliance
• Audit Readiness
• Policy Management
• Customer Security Support
• Risk Management
• Documentation Management
• Cross-functional Collaboration