Virgil is the fractional law firm that's reimagining legal services for startups. At Virgil, we know that running a startup comes with a mountain of back-office headaches—compliance, contracts, bookkeeping, intellectual property, and more. That's where we come in. Think of us as your painkiller, taking the sting out of legal complexities so you can focus on what really matters—growing your business. Our team of top-tier attorneys is on standby to provide you with the tailored legal support you need, when you need it, without the overhead of a full-time legal department. Say goodbye to legal stress and hello to seamless, startup-friendly solutions with Virgil at your side.
Description:
We are seeking an experienced SOC 2 Consultant (5+ years) to assist our B2B software company in achieving SOC 2 compliance. The ideal candidate will have a strong background in IT auditing, cybersecurity, and compliance, with a proven track record of successfully guiding organizations through the SOC 2 preparation and audit process. Expertise in ISO 27001, GDPR, and HIPAA is highly preferred.
Responsibilities:
SOC 2 Readiness Assessment:
- Conduct a comprehensive assessment of the current state of IT and security controls.
- Identify gaps and provide detailed recommendations for remediation.
Preparation and Implementation:
- Assist in developing and implementing necessary policies, procedures, and controls to meet SOC 2 requirements.
- Provide guidance on best practices for security, availability, processing integrity, confidentiality, and privacy.
Documentation:
- Ensure all necessary documentation is complete and up to date, including security policies, incident response plans, and access control policies.
- Assist in creating or updating risk assessments, data flow diagrams, and control matrices.
Training and Awareness:
- Conduct required training sessions for employees to ensure understanding and compliance with SOC 2 policies and procedures.
- Provide ongoing support and guidance to internal teams throughout the SOC 2 compliance process.
Audit Coordination:
- Act as the primary point of contact with the external SOC 2 auditor.
- Assist in scheduling and coordinating the audit process.
- Ensure timely and accurate submission of all required audit documentation.
ISO 27001, GDPR, and HIPAA Compliance (optional):
- Provide expertise and guidance.
- Assist in developing and implementing necessary policies, procedures, and controls.
Post-Audit Support:
- Assist with addressing any findings or recommendations from the external audit.
- Provide ongoing support to maintain SOC 2 and other relevant compliance.
Requirements:
Experience:
- Proven experience with SOC 2 audits, including preparation, implementation, and coordination.
- Strong understanding of SOC 2 trust service criteria (security, availability, processing integrity, confidentiality, and privacy).
- Background in IT auditing, cybersecurity, or a related field.
Skills:
- Excellent understanding of IT systems, security controls, and compliance frameworks.
- Strong project management skills and the ability to manage multiple tasks and deadlines.
- Excellent written and verbal communication skills.
- Ability to train and educate employees on compliance requirements.
Certifications (Preferred):
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- ISO 27001 Lead Implementer or Auditor
- SOC 2 certification or equivalent experience
Additional Information:
Duration: Estimated 3-6 months project, with potential for ongoing compliance support.
Workload: Part-time or full-time, depending on project requirements. Possibility of contract-to-hire.
Location: Remote work