Description:

We are seeking an experienced SOC 2 Consultant (5+ years) to assist our B2B software company in achieving SOC 2 compliance. The ideal candidate will have a strong background in IT auditing, cybersecurity, and compliance, with a proven track record of successfully guiding organizations through the SOC 2 preparation and audit process. Expertise in ISO 27001, GDPR, and HIPAA is highly preferred.

Responsibilities:

- SOC 2 Readiness Assessment:

- Conduct a comprehensive assessment of the current state of IT and security controls.

- Identify gaps and provide detailed recommendations for remediation.

Preparation and Implementation:

- Assist in developing and implementing necessary policies, procedures, and controls to meet SOC 2 requirements.

- Provide guidance on best practices for security, availability, processing integriy, confidentiality, and privacy.

Documentation:

- Ensure all necessary documentation is complete and up to date, including security policies, incident response plans, and access control policies.

- Assist in creating or updating risk assessments, data flow diagrams, and control matrices.

Training and Awareness:

- Conduct required training sessions for employees to ensure understanding and compliance with SOC 2 policies and procedures.

- Provide ongoing support and guidance to internal teams throughout the SOC 2 compliance process.

Audit Coordination:

- Act as the primary point of contact with the external SOC 2 auditor.

- Assist in scheduling and coordinating the audit process.

- Ensure timely and accurate submission of all required audit documentation.

ISO 27001, GDPR, and HIPAA Compliance (optional):

- Provide expertise and guidance.

- Assist in developing and implementing necessary policies, procedures, and controls.

Post-Audit Support:

- Assist with addressing any findings or recommendations from the external audit.

- Provide ongoing support to maintain SOC 2 and other relevant compliance.

Requirements:

- Experience:

- Proven experience with SOC 2 audits, including preparation, implementation, and coordination.

- Strong understanding of SOC 2 trust service criteria (security, availability, processing integrity, confidentiality, and privacy).

- Background in IT auditing, cybersecurity, or a related field.

Skills:

- Excellent understanding of IT systems, security controls, and compliance frameworks.

- Strong project management skills and the ability to manage multiple tasks and deadlines.

- Excellent written and verbal communication skills.

- Ability to train and educate employees on compliance requirements.

Certifications (Preferred):

- Certified Information Systems Auditor (CISA)

- Certified Information Systems Security Professional (CISSP)

- Certified Information Security Manager (CISM)

- ISO 27001 Lead Implementer or Auditor

- SOC 2 certification or equivalent experience.

Additional Information:

Duration: Estimated 3-6 months project, with potential for ongoing compliance support.

Workload: Part-time or full-time, depending on project requirements. Possibility of contract-to-hire.

Location: Remote work

Virgil

Governance, Risk, and Compliance Contractor

RemoteDOE ($75-100 per hour)contractor