SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead

FYI For Your Information Inc

$100K — $130K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in cybersecurity, GRC, IT audit, compliance, SaaS security, or related fields.
  • Experience with GRC platforms, especially Drata.
  • Hands-on experience with SOC 2 Type 2 audits.
  • Familiarity with SaaS/cloud-hosted applications.
  • Skilled in reviewing control design and operating effectiveness evidence.
  • Ability to translate audit needs into actionable tasks across various teams.
  • Exceptional written communication skills for producing auditor-ready documentation.
  • Capable of driving initiatives without needing constant oversight.

Responsibilities

  • Support readiness for SOC 2 Type 2 audits across all Trust Services Criteria.
  • Review and assess evidence requests for completeness and alignment with controls.
  • Draft and review auditor responses and management explanations.
  • Manage operations for access reviews and vendor risk management processes.
  • Check evidence related to IAM, MFA, logging, encryption, and other security controls.
  • Coordinate with control owners to gather complete, timestamped artifacts.
  • Maintain a recurring compliance calendar for SOC 2 activities.

Benefits

  • Hybrid work schedule available.
  • Join a knowledgeable and diverse team.
  • Be part of a rapidly growing company.
  • Competitive base salary plus comprehensive benefits package.
  • Tuition assistance and personal computer allowance.
Full Job Description


About the role

FYI is seeking a SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead to support an active SOC 2 Type 2 program across Security, Availability, Processing Integrity, Confidentiality, and Privacy. This role will own the SOC 2 domain in a fractional capacity, including evidence review, control operation support, auditor communication support, recurring compliance cadence, and SaaS/cloud control maturity. The right candidate has supported real SOC 2 Type 2 audits and can work with engineering, IT, security, HR, operations, leadership, and auditors.

Essential responsibilities and duties
  • Support SOC 2 Type 2 audit readiness and active auditor-response efforts across all five Trust Services Criteria.
  • Review evidence requests and determine whether evidence is complete, partial, missing, stale, unclear, or misaligned to the control being tested.
  • Draft and review auditor responses, management explanations, control narratives, and evidence summaries.
  • Support control operations for access reviews, vendor risk management, risk assessment, policy review, security awareness, incident response, change management, and security steering activities.
  • Review evidence for IAM, MFA, logging, monitoring, encryption, vulnerability management, secure SDLC, code review, release approvals, CI/CD security, SAST, DAST, SCA, backups, availability, confidentiality, processing integrity, and privacy controls.
  • Coordinate with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Help maintain the recurring compliance calendar for monthly, quarterly, and annual SOC 2 control activities.
  • Support policy and documentation management, version control, approvals, and annual review cadence.
  • Identify control design gaps, operating effectiveness gaps, evidence issues, and audit risks.
  • Provide concise written status updates, blockers, risks, and next actions to the project manager and CISO/vCISO.

Required qualifications
  • 8+ years of cybersecurity, GRC, IT audit, compliance, SaaS security, cloud security, security consulting, or related experience.
  • GRC platform experience (Drata preferred, others include Vanta or SecureFrame)
  • Direct hands-on experience supporting SOC 2 Type 2 audits.
  • Experience with SaaS or cloud-hosted application environments.
  • Experience reviewing evidence for control design and operating effectiveness.
  • Ability to translate audit requirements into operational tasks for engineering, IT, security, HR, legal, operations, and leadership stakeholders.
  • Strong written communication skills and ability to produce auditor-ready explanations.
  • Ability to drive control owners and follow-ups without constant prompting.
  • Ability to work through ambiguity and produce clean, organized, audit-ready documentation.

Nice to have
  • Prior SOC 2 auditor, CPA-firm, or audit-support experience.
  • Experience with all five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • CISA, CISSP, CISM, Security+, CPA, ISO 27001 Lead Auditor, or equivalent certification.
  • Experience with Drata, Vanta, Secureframe, Hyperproof, Jira, Confluence, AWS, Azure, GCP, CI/CD tooling, SAST, DAST, SCA, vulnerability management, or cloud security tools.
  • PCI DSS familiarity, especially where SOC 2 controls overlap with PCI requirements.

Expected deliverables
  • SOC 2 Five-TSC evidence and gap tracker inputs.
  • Control evidence sufficiency reviews.
  • Auditor response drafts and management-response drafts.
  • Control narrative and control-description updates.
  • Recurring compliance calendar inputs for access reviews, vendor reviews, risk assessments, policy reviews, steering meetings, and evidence refresh cycles.
  • Policy, procedure, and documentation review notes.
  • SOC 2 blocker, risk, and next-action summaries.

Operating style required

This role requires a senior operator who can own the SOC 2 lane in a fractional capacity. The contractor must communicate clearly, document next actions, identify blockers early, and coordinate through the project manager. This is not a casual side task. Responsiveness, ownership, and clean written work product are required.

FYI's Benefits/Incentives: What is in it for you?
  • Opportunity to work a hybrid work schedule
  • A knowledgeable, high-achieving, diverse, experienced, and fun team.
  • The chance to be part of a rapidly growing company and the next success story.
  • A competitive base salary with a loaded benefits package plus 401K.
  • Tuition/education assistance, personal computer allowance, pet insurance.

Similar Jobs

More Jobs at FYI For Your Information Inc

More Information Technology Jobs

Find similar SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead jobs: