
Senior Consultant, SOC 2 Assessment
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Oversee audits and assessments including preparation of audit plans, documentation review, evidence examination, procedure evaluations, and client interviews, primarily focusing on SOC 2, followed by SOC 1 and C5 audits.
• Maintain extensive knowledge in one or more cybersecurity frameworks.
• Prepare, review, and authorize assessment reports.
• Manage project priorities, tasks, and hours alongside the project manager and delivery team members to meet delivery utilization targets.
• Ensure the timely delivery of high-quality products and services.
• Promptly escalate client and project issues to management to engage necessary resources for resolution.
• Mentor team members in areas related to audit, assessment, technical reviews, and writing.
• Engage with clients throughout the entire engagement, interacting with all levels of their organizations.
• Build and sustain positive collaborative relationships with clients and stakeholders.
• Commit to continuous professional development by maintaining industry-specific certifications and a strong knowledge base in the practice area.
• Collaborate with project managers, quality management, sales, and other delivery team members to enhance customer satisfaction and meet project deliverables.
• Establish account relationships and identify upsell and cross-sell opportunities, escalating them to sales as necessary.
• Draft audit programs that adequately address both the regulatory body’s objectives and the complexities of the client's environment.
• Conduct interviews and inquiry walkthroughs with clients to assess conformity to stated requirements.
• Effectively communicate assessment status with both internal team members and external clients.
• Evaluate security vulnerabilities against relevant security frameworks.
• Pursue and validate conclusions drawn from inquiry procedures with clients while ensuring thorough interview notes are documented.
• Conduct offline and remote inspections of client-provided documentation, marking artifacts that require follow-up or additional clarification appropriately.
• Educate clients on compliance activities and interpret these for them.
• Apply quality standards and adhere to minimum benchmarks for quality assurance throughout the documentation of each work product or deliverable.
• Offer guidance to customers on issues impacting the scope of work in a way that adds value.
• Create documentation and author recommendations related to findings on improving the customer’s security posture in alignment with appropriate controls.
• Up to 20% travel required.
• Bachelor’s degree (four-year college or university) or an equivalent combination of education and work experience, preferably in Information Systems, CIS, MIS, or IT.
• 3-5 years of experience in security frameworks and regulatory requirements (such as SOC 2, C5, SSPA, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST, or PCI).
• Ability to assess the design and effectiveness of technology controls throughout the business cycle.
• Proven capability to structure and lead projects successfully.
• Strong written and verbal communication skills, with the ability to communicate clearly and instill confidence in both internal stakeholders and external customers.
• Excellent consulting skills: capable of advising and challenging the status quo while fostering strong relationships.
• Ability to quickly establish high-trust relationships, rapport, and credibility.
• Strong personal initiative to effectively manage personal time and help manage the time of others to meet deadlines.
• Capacity to frequently shift focus while maintaining high-quality standards.
• Ability and willingness to train and mentor junior staff.
• Computer and typing skills that facilitate rapid data collection and note-taking.
• Ability to facilitate meetings for both small and large groups.
• Public speaking skills and an executive presence that captures attention.
• Inquisitive and curious mindset with the capacity to effectively probe for deeper information.
• Diplomatic and open-minded approach.
• Strong technical research skills.
• Paid parental leave.
• Flexible time off.
• Certification and training reimbursement.
• Digital mental health and wellbeing support membership.
• Comprehensive insurance options.