SOC 2 Assessor

Company Overview

TestPros, established in 1988, is a successful and growing business providing Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Intelligence Analysis, Cyber Security, NIST 800-53, NIST SP 800-171 / CMMC Consulting/Assessment/Compliance, PCI Compliance, SOC 2, GLBA, Zero Trust, Resiliency, Computer Forensics, Software Supply Chain Assurance, Software Testing, Test Automation, Section 508 and WCAG Accessibility Assessment and Remediation, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Compliance, and Research and Development (R&D) services. TestPros is an Equal Opportunity Employer.

Position: SOC 2 Assessor (Part-time, Remote)

TestPros is actively seeking an expert-level SOC 2 Assessor with significant experience performing SOC 2 Type 2 Assessments.

Responsibilities and Duties

As a SOC 2 Assessor, you will be expected to expertly and consistently deliver on the following key areas:

• Test and evaluate the operating effectiveness of internal controls against the relevant AICPA Trust Services Criteria (TSC), covering Security, Availability, Processing Integrity, Confidentiality, and Privacy.
• Conduct Gap analysis and readiness assessments to identify and document control deficiencies within an organization's existing frameworks.
• Gather and meticulously organize sufficient and appropriate evidence to thoroughly support all audit findings.
• Compile the comprehensive results of the audit into a detailed SOC 2 Type 2 report.
• Provide actionable recommendations and expert guidance on remediation strategies and best practices for enhancing overall security posture.
• Produce and critically review key performance indicators (KPIs) for implemented security measures, distributing these KPIs to relevant stakeholders.
• Maintain up-to-date knowledge of the evolving threat landscape by continuously monitoring threat intelligence and other related industry sources.

Qualifications and Skills

We are looking for candidates who possess the following qualifications and skills:

• 5+ years of directly related experience in IT security compliance, with recent and specific experience in SOC 2 Cloud computing security.
• Demonstrated expertise in Security governance and policy development.
• Proficiency in Security risk analysis and mitigation strategies.
• Strong understanding and practical experience with Threat Intelligence.
• Proven skills in Incident Management, including analysis, detection, and handling of security events.
• A Bachelor's Degree in Computer Science or a related technical discipline is preferred, or an equivalent combination of education, professional training, or work experience.
• Military experience and/or extensive practical job experience, coupled with significant industry certifications, may be considered in lieu of formal education.

Key skills/competency

• SOC 2 Type 2 Assessments
• AICPA Trust Services Criteria
• IT Security Compliance
• Security Governance
• Risk Analysis
• Threat Intelligence
• Incident Management
• Cloud Computing Security
• Internal Controls Testing
• Report Compilation