Location: 100% Remote (CST / EST)
Salary: $120K - $135K (some flex) with excellent benefits
Term: Contract (2+ years)
A client of ours is seeking a Cybersecurity SOC 2 Type 2 Audit Lead to join an outstanding team of some of the most innovative minds in the business, tasked with designing and deploying cybersecurity guardrails. This is an exciting opportunity to lead their most important and visible cybersecurity compliance initiative, the SOC 2 Type 2 Audit.
Major Responsibilities
- Design and execute tests to validate identified system controls according to SOC 2 Type 2 requirements.
- Prepare and lead efforts to achieve SOC 2 Type 2 certification and maintain compliance.
- Coordinate with external auditors and ensure all security documentation is up-to-date.
- Identify potential gaps in the environment that may impact SOC 2 Type 2 certification, and implement security controls to mitigate these risks.
- Evaluate control designs within system architecture, focusing on IT controls related to security and confidentiality.
- Assess business and technology processes to determine the effectiveness of related technology controls.
- Review system control efficiency, conduct testing to identify root causes, and provide improvement recommendations to senior management.
- Track remediation of controls that are not functioning as intended and enhance the control environment to address evolving threats.
- Lead and coordinate the preparation of detailed compliance reports, ensuring accuracy and alignment with SOC 2 standards.
- Take an active lead role in presenting the certification scope, progress, and outcomes to internal stakeholders across technology and business units.
- Lead and manage all aspects of SOC 2 Type 2 audits, including scope expansion, audit readiness, walkthroughs, evidence collection, and coordination with internal and external auditors.
Required Skills/Knowledge
We engage with our critical applications and their technology stack from top to bottom. Thus, we seek seven to ten years of in-depth knowledge of application security and a detailed understanding of infrastructure security. You're no stranger to a fast-paced environment and tight deadlines. You can adapt to changing circumstances, juggle competing priorities, and combine a sense of urgency with due care and attention to detail. You get personal satisfaction from analyzing problems and delivering solutions to improve business processes.
- 7+ years working experience in a technology audit, security risk management, and/or security compliance role.
- 5+ years of program management experience, including leading complex enterprise IT Audit programs.
- Demonstrated experience with SOC 2 Type 2 IT/cybersecurity internal control definition, design, development, implementation, and monitoring.
- Strong functional knowledge of multiple security domains, including industry standards and best practices in information security.
- Experienced with implementing and/or auditing compliance programs based on frameworks such as COBIT, COSO, SOC 2, ISO 27001, and NIST 800-53.
- Understanding of cybersecurity risk management practices, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting.
- Proficient in implementing or using control automation and compliance tools, with a strong focus on maintaining effective internal control systems.
- Experience in mapping and rationalizing controls to meet SOC 2 Type 2 requirements.
- Strong interpersonal skills, with a history of effective collaboration with internal clients providing support services.
- Proficiency with cloud infrastructure technologies and services, such as AWS, Azure, and a variety of enterprise SaaS solutions.
- Preferred certifications include CRISC, CISA, or ISO 27001 Auditor.
Educational Background Required
- Bachelor's Degree in Computer Science Preferred