Job Details
We have a current opportunity for a Cybersecurity SOC2 Type2 Audit Analyst on a contract basis. The position will be remote, based on the East Coast. For further information about this position, please apply.
(No third-party candidates please)
You will join an outstanding team of some of the most innovative minds in the business tasked with designing and deploying cybersecurity guardrails. You will be part of the Cybersecurity team leading all aspects of SOC2 Type2 Certification, including gap remediation and program management, partnering with business leaders to identify and mitigate operational, regulatory, and reputational cybersecurity risks related to SOC2 Type2 Audits.
This is an exciting opportunity to lead our most important and visible cybersecurity compliance initiative, the SOC2 Type2 cybersecurity audit.
You will be the key contributor in implementing the SOC2 Type2 Audit program, identifying and developing security controls, managing risk assessments, and partnering with IT to provide and implement recommendations for improvements. Your work will improve our processes and identify ways to make our IT control environment even better. Your key partners will be cloud domain architects, application developers, infrastructure teams, and the Cybersecurity organization as a whole.
Major Responsibilities
Design and execute tests to validate identified system controls according to SOC2 Type2 requirements.
Prepare and lead efforts to achieve SOC 2 Type2 certification and maintain compliance.
Coordinate with external auditors and ensure all security documentation is up-to-date.
Identify potential gaps in the environment that may impact SOC 2 Type 2 certification, and implement security controls to mitigate these risks.
Evaluate control designs within system architecture, focusing on IT controls related to security and confidentiality.
Assess business and technology processes to determine the effectiveness of related technology controls.
Review system control efficiency, conduct testing to identify root causes, and provide improvement recommendations to senior management.
Track remediation of controls that are not functioning as intended and enhance the control environment to address evolving threats.
Lead and coordinate the preparation of detailed compliance reports, ensuring accuracy and alignment with SOC2 standards.
Take an active lead role in presenting the certification scope, progress, and outcomes to internal stakeholders across technology and business units.
Lead and manage all aspects of SOC 2 Type 2 audits, including scope expansion, audit readiness, walkthroughs, evidence collection, and coordination with internal and external auditors.
5+ years working experience in a technology audit, security risk management, and/or security compliance role.
3+ years of program management experience, including leading complex enterprise IT Audit programs.
Demonstrated experience with SOC2 Type2 IT/cybersecurity internal control definition, design, development, implementation, and monitoring.
Strong functional knowledge of multiple security domains, including industry standards and best practices in information security.
Experienced with implementing and/or auditing compliance programs based on frameworks such as COBIT, COSO, SOC 2, ISO 27001, and NIST 800-53.
Understanding of cybersecurity risk management practices, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting.
Experience in mapping and rationalizing controls to meet SOC2 Type2 requirements.
Strong interpersonal skills, with a history of effective collaboration with internal clients providing support services.
Proficiency with cloud infrastructure technologies and services, such as AWS, Azure, and a variety of enterprise SaaS solutions.
Preferred certifications include CRISC, CISA, or ISO 27001 Auditor.
internal control systems.
Educational Background Required
Bachelor's Degree in Computer Science Preferred