Job Description - SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead
FYI - For Your Information, Inc. is an SBA-certified, Woman-Owned Small Business and GSA schedule holder that is a premier provider of Human Capital, Training, and Information Technology services. We have won awards for being a Great Place to Work and continue to make ground-breaking advancements. For four years in a row, we have been on Inc. Magazine's 5000 list and were recently named one of Inc.'s 2024 Mid-Atlantic Fastest Growing companies.
About the role
FYI is seeking a SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead to support an active SOC 2 Type 2 program across Security, Availability, Processing Integrity, Confidentiality, and Privacy. This role will own the SOC 2 domain in a fractional capacity, including evidence review, control operation support, auditor communication support, recurring compliance cadence, and SaaS/cloud control maturity. The right candidate has supported real SOC 2 Type 2 audits and can work with engineering, IT, security, HR, operations, leadership, and auditors.
Essential responsibilities and duties
Support SOC 2 Type 2 audit readiness and active auditor-response efforts across all five Trust Services Criteria.
Review evidence requests and determine whether evidence is complete, partial, missing, stale, unclear, or misaligned to the control being tested.
Draft and review auditor responses, management explanations, control narratives, and evidence summaries.
Support control operations for access reviews, vendor risk management, risk assessment, policy review, security awareness, incident response, change management, and security steering activities.
PCI DSS familiarity, especially where SOC 2 controls overlap with PCI requirements.
Expected deliverables
SOC 2 Five-TSC evidence and gap tracker inputs.
Control evidence sufficiency reviews.
Auditor response drafts and management-response drafts.
Control narrative and control-description updates.
Recurring compliance calendar inputs for access reviews, vendor reviews, risk assessments, policy reviews, steering meetings, and evidence refresh cycles.
Policy, procedure, and documentation review notes.
SOC 2 blocker, risk, and next-action summaries.
Operating style required
This role requires a senior operator who can own the SOC 2 lane in a fractional capacity. The contractor must communicate clearly, document next actions, identify blockers early, and coordinate through the project manager. This is not a casual side task. Responsiveness, ownership, and clean written work product are required.
FYI's Benefits/Incentives: What is in it for you?
Opportunity to work a hybrid work schedule.
A knowledgeable, high-achieving, diverse, experienced, and fun team.
The chance to be part of a rapidly growing company and the next success story.
A competitive base salary with a loaded benefits package plus 401K.
Tuition/education assistance, personal computer allowance, pet insurance.