Senior Consultant - SOC 2 & ISO 27001 Services
RISCPoint · United States · 2 days ago
RemoteRemoteConsultingFull-time
Key Responsibilities
- Lead SOC 2 audit engagements utilizing GRC and compliance automation platforms such as Vanta and Drata to streamline evidence collection, control monitoring, and audit coordination activities.
- Configure, review, and manage compliance workflows within GRC platforms, including control mapping, evidence review, personnel task tracking, and auditor request coordination.
- Work directly with clients and external auditors to facilitate efficient SOC 2 audit execution through automated evidence collection processes and platform-based collaboration.
- Lead and support cybersecurity compliance and assurance engagements across frameworks including SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA, and related regulatory or industry standards.
- Facilitate client workshops, interviews, and discovery sessions with technical and business stakeholders to gather information regarding security controls, policies, procedures, and operational practices.
- Perform gap assessments, readiness assessments, and control evaluations against applicable framework requirements and industry leading practices.
- Develop, review, and maintain security and compliance documentation including policies, procedures, risk assessments, system descriptions, control narratives, and related supporting artifacts.
- Provide practical and risk-based remediation guidance to clients to address identified control gaps, deficiencies, and process improvement opportunities.
- Cook directly with client stakeholders to manage project timelines, track open items, communicate status updates, and ensure successful engagement execution.
- Support audit and assessment activities by assisting clients with evidence collection, walkthrough preparation, auditor coordination, and response management.
- Review client environments and processes to identify compliance risks, operational inefficiencies, and opportunities to improve security posture and program maturity.
- Contribute to the development and enhancement of internal methodologies, templates, accelerators, and service delivery processes.
- Mentor and support junior consultants by providing guidance, knowledge sharing, and quality review of project work products.
- Participate in client presentations and executive discussions by delivering clear, professional, and business-focused communication regarding compliance and security matters.
- Maintain current knowledge of cybersecurity, compliance, privacy, and assurance trends, standards, and emerging regulatory requirements.
Qualifications
- Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field or combination of relevant education and equivalent work experience.
- 3–4 years of experience supporting or leading cybersecurity compliance, risk, or assurance engagements within a consulting, audit, or advisory environment.
- Hands-on experience supporting SOC 1 and SOC 2 assessments, including readiness activities, evidence collection, control testing support, and auditor coordination.
- Experience working with security and compliance frameworks such as SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA, NIST CSF, or related industry standards.
- Experience utilizing GRC and compliance automation platforms such as Vanta and Drata in support of SOC 2 audits and ongoing compliance operations.
- Ability to facilitate client meetings, workshops, and discovery sessions with both technical and non-technical stakeholders.
- Experience developing and maintaining security and compliance documentation including policies, procedures, risk assessments, control narratives, and supporting evidence artifacts.
- Strong understanding of information security concepts including access management, logging and monitoring, vulnerability management, change management, vendor risk management, and incident response.
- Experience coordinating project tasks, managing timelines, tracking deliverables, and communicating status updates within a client-facing consulting environment.
- Strong written and verbal communication skills with the ability to present complex compliance and security concepts in a professional and business-friendly manner.
- Ability to independently manage multiple engagements and priorities in a fast-paced consulting environment while maintaining attention to detail and quality.
- Experience working within cloud-based environments such as AWS, Azure, or Google Cloud Platform is preferred.
Compensation & Benefits
- Generous Salary + Bonus
- Company Paid Health Insurance
- Company Paid Dental Insurance
- Company Paid Vision Insurance
- Company Paid Life Insurance
- 401k with 3% Company Contribution (Traditional & Roth Options)
- Generous Vacation Policy
- Annual Company Retreat