The compliance desk
Vendor questionnaires, pen-test follow-ups, vulnerability reports. They land on my desk first; I handle most of them and pass the ones that need real security depth to the team, with enough context that they’re not starting cold.
I sit between the support team and the security team. Vendor questionnaires, pen-test follow-ups, and the occasional vulnerability report all come through me first. I handle most of them; the ones that need real security depth go to the team, with enough context that they’re not starting from scratch.
Most vendor questionnaires repeat the same ten questions; I know the answers because I’ve answered them before. The value of someone sitting between the two teams is that security doesn’t need to read every incoming spreadsheet, and support doesn’t need to understand SOC 2 to escalate the right things.
SOC 2 · Vendor questionnaires · Pen-test follow-ups · Vulnerability triage