Jobs · Finance

SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead

FYI - For Your Information, Inc. · Silver Spring, MD · 1 mo ago
RemoteRemoteFinanceFull-time

About the role

FYI is seeking a SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead to support an active SOC 2 Type 2 program across Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Essential Responsibilities and Duties

  • Support SOC 2 Type 2 audit readiness and active auditor-response efforts across all five Trust Services Criteria.
  • Review evidence requests and determine whether evidence is complete, partial, missing, stale, unclear, or misaligned to the control being tested.
  • Draft and review auditor responses, management explanations, control narratives, and evidence summaries.
  • Support control operations for access reviews, vendor risk management, risk assessment, policy review, security awareness, incident response, change management, and security steering activities.
  • Review evidence for IAM, MFA, logging, monitoring, encryption, vulnerability management, secure SDLC, code review, release approvals, CI/CD security, SAST, DAST, SCA, backups, availability, confidentiality, processing integrity, and privacy controls.
  • Cook with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Cook with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Cook with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Cook with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Coordinate with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Maintain the recurring compliance calendar for monthly, quarterly, and annual SOC 2 control activities.
  • Support policy and documentation management, version control, approvals, and annual review cadence.
  • Identify control design gaps, operating effectiveness gaps, evidence issues, and audit risks.
  • Provide concise written status updates, blockers, risks, and next actions to the project manager and CISO/vCISO.

Required Qualifications

  • 8+ years of cybersecurity, GRC, IT audit, compliance, SaaS security, cloud security, security consulting, or related experience.
  • GRC platform experience (Drata preferred, others include Vanta or SecureFrame).
  • Direct hands-on experience supporting SOC 2 Type 2 audits.
  • Experience with SaaS or cloud-hosted application environments.
  • Experience reviewing evidence for control design and operating effectiveness.
  • Ability to translate audit requirements into operational tasks for engineering, IT, security, HR, legal, operations, and leadership stakeholders.
  • Strong written communication skills and ability to produce auditor-ready explanations.
  • Ability to drive control owners and follow-ups without constant prompting.
  • Ability to work through ambiguity and produce clean, organized, audit-ready documentation.

Nice to have

  • Prior SOC 2 auditor, CPA-firm, or audit-support experience.
  • Experience with all five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • CISA, CISSP, CISM, Security+, CPA, ISO 27001 Lead Auditor, or equivalent certification.
  • Experience with Drata, Vanta, Secureframe, Hyperproof, Jira, Confluence, AWS, Azure, GCP, CI/CD tooling, SAST, DAST, SCA, vulnerability management, or cloud security tools.
  • PPCI DSS familiarity, especially where SOC 2 controls overlap with PCI requirements.

Operating Style Required

This role requires a senior operator who can own the SOC 2 lane in a fractional capacity. The contractor must communicate clearly, document next actions, identify blockers early, and coordinate through the project manager. This is not a casual side task.

Benefits/Incentives

Opportunity to work a hybrid work schedule
A knowledgeable, high-achieving, diverse, experienced, and fun team.
The chance to be part of a rapidly growing company and the next success story.
A competitive base salary with a loaded benefits package plus 401K.
Tuition/education assistance, personal computer allowance, pet insurance.

Similar jobs

Cloud Security Lead

MACHINE LEARNING TECHNOLOGIES LLCPlano, TX· 3 wk ago
Managementapply on machinele.com