Job Description

This is a remote position.

We are seeking an experienced consultant with deep expertise in preparing organizations for SOC 2 Type II audits, and experience using Drata for compliance automation. The ideal candidate understands the AICPA Trust Services Criteria (2017), the COSO Internal Control Framework (2013), and cloud-based control environments. The role entails guiding customers through control design, documentation, evidence preparation, and readiness activities for successful Type II examinations.

 
Job Title: SOC 2 Consultant
Location: REMOTE
Job Type: Contract | Part-time through the first quarter of 2026

 
Responsibilities:

• Lead SOC 2 Type II readiness engagements using AICPA SOC for Service Organizations guidance (AICPA, SOC Examination Guidance, 2022)
  
• Conduct gap assessments, control maturity reviews, and remediation planning aligned with the Trust Services Criteria (AICPA, TSC 2017)
  
• Design, review, and enhance controls based on the COSO Internal Control Integrated Framework (COSO, 2013)
  
• Develop or refine security policies, procedures, and governance documentation
  
• Prepare and validate audit evidence based on AICPA audit evidence standards (AICPA, Audit Evidence, 2020)
  
• Configure and optimize Drata for automated evidence collection, control mapping, and audit readiness
  
• Align technical and operational controls with secure architecture frameworks, including AWS Well Architected, Azure Security Benchmark, and Google Cloud Security Foundations
  
• Guide clients through risk assessments, vendor oversight, incident response planning, and logging and monitoring practices using NIST CSF (2018) and ISO 27001 (2022) as reference points
  
• Provide advisory support to executive and technical stakeholders during the SOC 2 preparation process
  
• Coordinate with external auditors during pre-engagement and evidence requests
  

Requirements

• Expertise in AICPA Trust Services Criteria and SOC 2 Type II readiness
  
• Strong understanding of control design and evaluation aligned to COSO
  
• Proficiency with Drata, including setup, control mapping, workflows, and evidence automation
  
• Experience with cloud security principles across AWS, Azure, or Google CloudAbility to create policies, procedures, and governance documentation
  
• Strong skills in risk assessment, access control reviews, logging, monitoring, change management, and incident response
  
• Proficiency in vendor risk management practices, including SIG or SCA formats
  
• Excellent communication skills and experience advising executives and technical teams
  
• Must hold at least one of the following certifications: CISA, CISSP, CCSP, ISO 27001 Lead Implementer or Lead Auditor
  
• Nice to have certifications: CISM, CRISC, CompTIA Security+, GIAC GSEC
  

Job Tags

Similar Jobs