IT & Cybersecurity Compliance Specialist

About Pearl

Pearl is shaping the future of dentistry with a suite of AI solutions developed to establish higher standards of quality and care for patients worldwide. Since 2019, our team has engineered FDA-cleared computer vision capabilities for interpretation of 2D and 3D dental imagery; industry-leading capabilities which clinicians, practice owners, labs, and insurers use to elevate the efficiency, accuracy, and consistency of dental care around the world.

The Role

We are seeking an experienced IT & Cybersecurity Compliance Specialist to manage our IT infrastructure and lead cybersecurity and privacy compliance efforts. This role combines hands-on IT administration with strategic compliance program ownership, ensuring our systems are secure, well-maintained, and aligned with global regulatory frameworks including SOC 2, HIPAA, and GDPR. The ideal candidate is a proactive, detail-oriented professional comfortable spanning both technical IT operations and formal compliance management within a SaaS medical device environment.

Key Responsibilities

IT Infrastructure & Systems Administration

• Administer and maintain core IT systems including endpoint management, identity and access management (IAM), and SaaS tooling (e.g., Google Workspace, Slack, Notion).

• Manage employee onboarding and offboarding processes including provisioning and deprovisioning of accounts, hardware, and system access.

• Maintain and enforce IT access controls, role-based permissions, and the principle of least privilege across all systems.

• Serve as the first point of escalation for internal IT support requests and tickets, triaging and resolving technical issues.

• Manage and maintain the company’s device fleet, including MDM (Mobile Device Management) enrollment, patching, and compliance monitoring.

• Administer and monitor cloud infrastructure and SaaS platform configurations for security and availability.

• Maintain IT asset inventory and manage software licensing.

Cybersecurity & Privacy Compliance

• Conduct gap assessments to evaluate compliance with security and privacy regulations (e.g., SOC 2, HIPAA, GDPR).

• Develop, write, and revise Standard Operating Procedures (SOPs) for security and privacy programs.

• Implement and monitor security-related Key Performance Indicators (KPIs) to measure and improve compliance performance.

• Assess, document, and report security breaches or incidents, ensuring timely and accurate communication.

• Perform security assessments of all new and existing suppliers, including annual reviews.

• Conduct Information Security incident reviews and recommend corrective actions.

• Manage Corrective and Preventive Actions (CAPAs) related to security and privacy.

• Prepare for and manage security and privacy audits, ensuring readiness and compliance.

• Complete security questionnaires for clients, vendors, and partners.

• Stay current on evolving security and privacy regulations and recommend updates to policies and procedures as needed.

Compliance Tooling & Programs

• Administer and manage the Vanta platform (or equivalent GRC tool) to automate and streamline compliance monitoring and evidence collection.

• Oversee the design, delivery, and management of security and privacy training programs for employees.

• Design and execute phishing simulation campaigns and related training to enhance employee security awareness.

• Host and facilitate recurring security committee meetings and management reviews to align stakeholders on compliance objectives.

Qualifications

• 3+ years of experience in IT administration, systems management, or a combined IT/security role.

• 3+ years of experience implementing and maintaining SOC 2 certification.

• 3+ years of experience with HIPAA, GDPR, and other global privacy frameworks.

• Proven track record of managing compliance programs, including audits, risk assessments, and CAPAs.

• Hands-on experience with compliance tools such as Vanta or similar platforms.

• Demonstrated experience with endpoint management, IAM platforms, MDM solutions, and SaaS administration.

• Strong understanding of cybersecurity best practices, incident response, and supplier risk management.

• Excellent written and verbal communication skills, with the ability to translate complex requirements into actionable processes.

• Ability to work independently and collaboratively in a fast-paced environment.

• Relevant certifications (e.g., CISA, CISM, CISSP, CompTIA Security+, or equivalent) are a plus.

Preferred Qualifications

• Experience in a SaaS company is strongly preferred.

• Experience in a medical device company and/or supporting FDA submissions.

• Experience with ISO 27001, ISO 27701, CCPA, or other international security/privacy frameworks.

• Background in managing phishing simulation programs and employee training initiatives.

• Familiarity with SaaS-specific compliance challenges and customer-facing security requirements.

• Experience with Google Workspace administration and IT helpdesk/ticketing workflows.

• Comfort operating as a one-person or small-team IT function in a high-growth environment.

What We Offer

• Competitive Benefit and Compensation Offerings

• Ongoing Training and Development Opportunities

• Unaccrued, Flexible PTO

• Remote Work