Jobs · Legal · North Carolina

Security Compliance Analyst

Actalent · Morrisville, NC · 6 days ago
HybridLegal$50–$55/hrContract

Responsibilities

  • Own and drive the full lifecycle of ISO and SOC 2 Type 2 audits, from initial planning through final reporting.
  • Define detailed audit requirements and translate control language into clear, actionable technical requests for engineering teams.
  • Request, collect, and organize evidence from technical owners, ensuring completeness, accuracy, and audit readiness.
  • Review and validate the integrity and sufficiency of technical evidence, identifying gaps, inconsistencies, or invalid submissions.
  • Track remediation activities for identified gaps and follow up with stakeholders to ensure timely closure of issues.
  • Serve as the primary liaison with external audit firms, speaking the language of auditors and effectively defending the control environment.
  • Create and maintain an annual audit calendar, including timelines, milestones, and preparation activities for audit windows.
  • Cover coordination pre-audit reviews, walkthroughs, and readiness assessments to ensure the organization is well-prepared for audits.
  • Utilize AI and large language models to automate evidence collection, parse system logs, draft control descriptions, and identify potential compliance gaps before audits.
  • Apply a human-in-the-loop approach to AI usage by critically reviewing and validating AI-generated outputs for accuracy and completeness.
  • Review technical configuration reports for infrastructure, networking, containers, and databases to determine whether settings align with secure configuration expectations.
  • Research and identify appropriate secure configurations and control implementations for technologies not previously encountered.
  • Clearly explain to engineers what specific evidence or configurations are required, using precise technical language rather than generic control descriptions.
  • Collaborate with engineering and security teams to define and refine technical controls that align with ISO, SOC 2 Type 2, and other relevant frameworks.
  • Communicate complex compliance requirements in clear, accessible terms to non-technical stakeholders across the organization.
  • Push back constructively on auditors when appropriate, providing reasoned explanations and evidence to support the existing control environment.
  • Contribute to the continuous improvement of compliance processes by identifying opportunities to streamline workflows and reduce manual effort through automation and AI.

Qualifications

  • Proven, specific experience managing end-to-end ISO and SOC 2 Type 2 audits, including planning, execution, and final reporting.
  • Baseline understanding of ISO and SOC 2 Type 2 frameworks and their associated control requirements.
  • Experience running audits, with a preference for technology-focused auditing experience.
  • Demonstrated ability to understand and assess technical controls in cloud and SaaS environments.
  • Technical literacy in cloud platforms, with a particular preference for experience with AWS.
  • Capability to read and interpret technical configuration reports and determine whether configurations meet secure standards.
  • Experience using AI and large language models to streamline compliance and audit tasks, including evidence collection and analysis.
  • A clear human-in-the-loop philosophy for validating AI output to ensure accuracy and reliability.
  • Strong communication skills, including the ability to explain complex compliance requirements to non-technical stakeholders.
  • Ability to understand and articulate detailed technical requests from engineers and translate them into compliance terms.
  • Confidence and professionalism in pushing back on auditors when necessary, supported by clear evidence and reasoning.
  • Comfort discussing and auditing SaaS infrastructure running on public cloud environments such as AWS, Azure, or GCP and private cloud environments.
  • Familiarity with networking concepts and components, including firewalls, switches, routers, VPNs, and secure remote access.
  • Understanding of containerized environments, including Kubernetes and Docker.
  • Ability to research and determine appropriate secure settings and configurations for unfamiliar technologies.

Similar jobs

IT Security Compliance Analyst

Five Rivers IT Inc.Fair Lawn, NJ· 3 wk ago
Information Technology$125k–$175k/yrapply on fiveriversitinc.applytojob.com