
Senior GRC Analyst II, SOC 2
Posted May 22

This is a fully remote position, open to applicants in Australia.
• Lead engagements for SOC 2 Type I and Type II readiness and examinations following the AICPA Trust Services Criteria.
• Oversee engagement planning, scoping, timeline management, and execution for multiple concurrent SOC 2 clients.
• Provide guidance to clients on the design and implementation of controls that align with the Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy).
• Assess readiness gaps and create actionable remediation roadmaps.
• Act as an internal and external subject matter expert on SOC 2 automation platforms (e.g., Drata, Vanta, Secureframe, or similar tools).
• Configure and enhance client platform environments, including:
  - Control mapping
  - Evidence workflows
  - Automated integrations with cloud providers, ticketing systems, HRIS, code repositories, etc.
  - Continuous monitoring settings
• Review automated control outputs and exception reports to ensure audit defensibility.
• Identify opportunities to enhance automation coverage and minimize manual evidence collection.
• Collaborate with clients to advance their compliance operations using platform analytics and reporting.
• Review, document, and test IT general controls (logical access, change management, system operations).
• Evaluate automated and application controls within SaaS, cloud-native, and hybrid settings.
• Assess controls over infrastructure environments (AWS, Azure, GCP), identity management, and DevOps workflows.
• Confirm the sufficiency and completeness of evidence within SOC 2 platforms to support audit conclusions.
• Serve as the primary contact for SOC 2 clients, including executive-level stakeholders.
• Present audit findings, risk insights, and strategic recommendations to leadership.
• Advise rapidly growing SaaS clients on establishing scalable, audit-ready compliance programs.
• Assist in sales and go-to-market initiatives for SOC 2 services, including scoping and providing technical input on proposals.
• Mentor junior analysts on SOC 2 methodology, platform navigation, and best practices for control testing.
• Contribute to the enhancement of SOC 2 templates, testing programs, and platform playbooks.
• Identify efficiencies to standardize and scale SOC 2 engagements across the practice.
• Support training efforts to enhance internal SOC 2 platform expertise.
• 4+ years of experience in SOC 2, IT audit, or GRC, ideally within public accounting or consulting.
• Proven experience leading SOC 2 Type I and Type II engagements.
• Practical experience in administering or auditing within SOC 2 automation platforms (e.g., Drata, Vanta, Secureframe, or similar).
• In-depth understanding of:
  - AICPA Trust Services Criteria
  - IT General Controls (ITGCs)
  - Cloud environments (AWS, Azure, GCP)
  - SaaS operational environments
• Experience in reviewing automated evidence and continuous monitoring outputs.
• Strong client advisory and presentation abilities, including communication with executive-level stakeholders.
• Capability to manage multiple engagements in fast-paced, high-growth environments.
• Preferred:
  - Experience with venture-backed or rapidly growing SaaS companies.
  - Knowledge of adjacent frameworks (ISO 27001, NIST CSF).
  - Professional certifications such as CISA, CISSP, CISM, or CRISC.
  - Bachelor’s degree in Information Systems, Computer Science, Accounting, or a related field; advanced degree is a plus.
• Comprehensive Health Coverage – Medical, dental, and vision.
• Generous Paid Time Off – Vacation, sick leave, holidays, parental leave, and volunteer days.
• Flexible Work Arrangements – Hybrid or remote options, with flexible hours.
• Performance-Based Bonus – Acknowledgment for your contributions through discretionary bonuses.
• Professional Development Opportunities – Tuition reimbursement, certifications, and mentorship.
• Career Growth & Internal Mobility – Clear pathways for advancement and role transitions.
• Inclusive & Supportive Culture – DEI initiatives, employee resource groups, and wellness programs.