This is a remote position.
We are seeking experienced consultants with deep expertise in preparing organizations for SOC 2 Type II audits and experience using Drata for compliance automation. The ideal candidates understand the AICPA Trust Services Criteria (2017), the COSO Internal Control Framework (2013), and cloud-based control environments. These roles include guiding customers through control design, documentation, evidence preparation, and readiness activities for successful Type II examinations.
Job Title: SOC 2 Consultant
Available Positions: 2
Location: REMOTE (1 US & 1 UK)
Job Type: Contract (Project duration will be discussed during the interview)
Responsibilities:
- Lead SOC 2 Type II readiness engagements using AICPA SOC for Service Organizations guidance (AICPA SOC Examination Guidance 2022)
- Conduct gap assessments, control maturity reviews, and remediation planning aligned with the Trust Services Criteria (AICPA TSC 2017)
- Design, review, and enhance controls based on the COSO Internal Control-Integrated Framework (COSO 2013)
- Develop or refine security policies, procedures, and governance documentation
- Prepare and validate audit evidence based on AICPA audit evidence standards (AICPA Audit Evidence 2020)
- Configure and optimize Drata for automated evidence collection, control mapping, and audit readiness
- Align technical and operational controls with secure architecture frameworks, including AWS Well-Architected, Azure Security Benchmark, and Google Cloud Security Foundations
- Guide clients through risk assessments, vendor oversight, incident response planning, and logging and monitoring practices, using NIST CSF (2018) and ISO 27001 (2022) as reference points
- Provide advisory support to executive and technical stakeholders during the SOC 2 preparation process
- Coordinate with external auditors during pre-engagement and evidence requests
Requirements:
- Expertise in AICPA Trust Services Criteria and SOC 2 Type II readiness
- Strong understanding of control design and evaluation aligned to COSO
- Proficiency with Drata, including setup, control mapping workflows, and evidence automation
- Experience with cloud security principles across AWS, Azure, or Google Cloud
- Ability to create policies, procedures, and governance documentation
- Strong skills in risk assessment, access control reviews, logging, monitoring, change management, and incident response
- Proficiency in vendor risk management practices, including SIG or SCA formats
- Excellent communication skills and experience advising executives and technical teams
- Must hold at least one of the following certifications: CISA, CISSP, CCSP, ISO 27001 Lead Implementer or Lead Auditor
- Nice-to-have certifications: CISM, CRISC, CompTIA Security, GIAC GSEC
Required Skills:
SOC 2 Type II, Drata, AICPA Trust Services Criteria (2017), COSO Internal Control Framework (2013), Cloud Security, Third-party Risk Management (SIG or SCA), CISA, CISSP, CCSP or ISO 27001 Lead Implementer or Lead Auditor Certification, Documentation