Information Security Analyst/Compliance Lead - CONTRACT

NexusTek

$90K — $120K *
US-AnywhereRemote in United States
Healthcare
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Hands-on experience with SOC 2 compliance and Trust Service Criteria
  • Proficiency with compliance automation platforms like Vanta
  • Knowledge of EDR platforms like CrowdStrike for alert triage
  • Understanding of HIPAA compliance in high-trust environments
  • Ability to prepare audit-ready documentation for security controls
  • Strong organizational skills for managing multifaceted evidence
  • Availability for a full-time commitment from mid-July 2026 to December 31, 2026

Responsibilities

  • Manage and upload security policies in a compliance automation platform
  • Collect and organize evidence for SOC 2 controls
  • Map evidence to Trust Service Criteria and flag gaps
  • Support remediation and compensating controls for audit findings
  • Monitor EDR alerts and conduct initial security incident investigations
  • Run incident response procedures as per the client’s IR plan
  • Assist with ad-hoc security and compliance tasks from leadership
  • Help establish repeatable security processes as the program matures

Benefits

  • Fully remote work arrangement for U.S.-based candidates
  • Dedicated contract position in a fast-growing healthcare company
  • Opportunity to lead SOC 2 audit processes from the ground up
  • Engagement in a high-trust, HIPAA-compliant environment
  • Potential for skill development in a critical compliance area
Full Job Description
CONTRACT OPPORTUNITY - SECURITY & COMPLIANCE

Security Analyst / Compliance Lead

Contract | Remote (U.S.-Based) | Mid-July - December 2026

Engagement Type

Contract - 1099 preferred

Rate

Commensurate with experience - details provided on initial call

Duration

Approximately 5.5-6 months - mid-July through December 31, 2026

Location

Fully remote - U.S.-based only

Hours

Full-time dedicated resource

Start Date

Mid-July 2026

The Opportunity

A fast-growing healthcare services company is undergoing its first SOC 2 audit and building its information security program from the ground up. The organization operates in a HIPAA-compliant, high-trust environment and is now taking on enterprise clients who require formal compliance credentials.

We are placing one Security Analyst / Compliance Lead as a dedicated, embedded resource. This person will function as an extension of the internal team - owning day-to-day security operations and SOC 2 evidence collection. This is a hybrid role, not a senior architect or vCISO seat, and it does not involve facing the auditor directly.

What You Will Do

  • Upload and manage security policies within a leading compliance automation platform
  • Gather, organize, and upload evidence for SOC 2 controls across the defined audit scope
  • Map evidence to applicable Trust Service Criteria; identify and flag gaps
  • Support remediation efforts and compensating controls as audit findings surface
  • Monitor and triage EDR alerts; perform initial investigations on security incidents
  • Execute incident response procedures in accordance with the client's IR plan
  • Handle ad hoc security and compliance tasks as directed by client leadership
  • Support the team in establishing repeatable security processes as the program matures


Required Qualifications

  • Hands-on experience with SOC 2 compliance - familiarity with Trust Service Criteria, evidence collection, and control mapping
  • Proficiency with Vanta or a comparable GRC / compliance automation platform
  • Working knowledge of CrowdStrike or comparable EDR platforms for alert triage and basic incident response
  • Understanding of HIPAA compliance requirements and high-trust environments
  • Ability to translate technical security controls into audit-ready documentation
  • Strong organizational skills - able to independently manage a large volume of evidence across multiple control areas
  • Available to start mid-July 2026 and commit through December 31, 2026
  • U.S.-based, available to work fully remote


Preferred Qualifications

  • Prior experience in a healthcare or health services organization
  • Familiarity with third-party audit firms and evidence submission processes
  • Exposure to additional frameworks such as ISO 27001, NIST RMF, GDPR, or PCI DSS
  • Experience with Azure environments or cloud-hosted infrastructure
  • Background in GRC (Governance, Risk, and Compliance) in addition to hands-on security operations


What This Role Is Not

  • Not a senior security architect or vCISO seat - this is a mid-level, hybrid role
  • Not the primary interface with the auditor - client leadership owns that relationship
  • Not initially scoped for vulnerability management or third-party risk - those may be added as the engagement grows


This is a confidential opportunity. Identifying details have been withheld intentionally.

Similar Jobs

More Jobs at NexusTek

More Healthcare Jobs

Find similar Information Security Analyst/Compliance Lead - CONTRACT jobs: