Senior Consultant - SOC 2 & ISO 27001 Services

About the Company

RISCPoint is a cybersecurity consulting firm specializing in helping organizations navigate complex compliance frameworks such as FedRAMP, SOC 2, ISO 27001, and HITRUST. Our team is made up of former assessors, auditors, and industry experts who deliver tailored, high-quality engagements designed to meet each client’s unique needs. We take a collaborative, “white-glove” approach that prioritizes both technical excellence and client experience. With rapid growth and a reputation for trusted expertise, RISCPoint partners with leading cloud service providers, technology companies, and enterprises across industries. Join us and be part of a team that is shaping the future of cybersecurity compliance.

Position Overview

The Senior Consultant - SOC 2 & ISO 27001 Services is responsible for supporting and leading cybersecurity compliance and assurance engagements across frameworks such as SOC 1, SOC 2, ISO 27001, HITRUST, and HIPAA. This role works directly with clients to assess security and compliance maturity, facilitate workshops, develop documentation, identify gaps, and provide practical remediation guidance while helping drive projects to completion in a professional, client-focused manner.

Key Responsibilities

• Lead SOC 2 audit engagements utilizing GRC and compliance automation platforms such as Vanta and Drata to streamline evidence collection, control monitoring, and audit coordination activities.
• Configure, review, and manage compliance workflows within GRC platforms, including control mapping, evidence review, personnel task tracking, and auditor request coordination.
• Work directly with clients and external auditors to facilitate efficient SOC 2 audit execution through automated evidence collection processes and platform-based collaboration.
• Lead and support cybersecurity compliance and assurance engagements across frameworks including SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA, and related regulatory or industry standards.
• Facilitate client workshops, interviews, and discovery sessions with technical and business stakeholders to gather information regarding security controls, policies, procedures, and operational practices.
• Perform gap assessments, readiness assessments, and control evaluations against applicable framework requirements and industry leading practices.
• Develop, review, and maintain security and compliance documentation including policies, procedures, risk assessments, system descriptions, control narratives, and related supporting artifacts.
• Provide practical and risk-based remediation guidance to clients to address identified control gaps, deficiencies, and process improvement opportunities.
• Coordinate directly with client stakeholders to manage project timelines, track open items, communicate status updates, and ensure successful engagement execution.
• Support audit and assessment activities by assisting clients with evidence collection, walkthrough preparation, auditor coordination, and response management.
• Review client environments and processes to identify compliance risks, operational inefficiencies, and opportunities to improve security posture and program maturity.
• Contribute to the development and enhancement of internal methodologies, templates, accelerators, and service delivery processes.
• Mentor and support junior consultants by providing guidance, knowledge sharing, and quality review of project work products.
• Participate in client presentations and executive discussions by delivering clear, professional, and business-focused communication regarding compliance and security matters.
• Maintain current knowledge of cybersecurity, compliance, privacy, and assurance trends, standards, and emerging regulatory requirements.

Qualifications

• Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field or combination of relevant education and equivalent work experience.

Experience

• 3–4 years of experience supporting or leading cybersecurity compliance, risk, or assurance engagements within a consulting, audit, or advisory environment.
• Hands-on experience supporting SOC 1 and SOC 2 assessments, including readiness activities, evidence collection, control testing support, and auditor coordination.
• Experience working with security and compliance frameworks such as SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA, NIST CSF, or related industry standards.
• Experience utilizing GRC and compliance automation platforms such as Vanta and Drata in support of SOC 2 audits and ongoing compliance operations.
• Ability to facilitate client meetings, workshops, and discovery sessions with both technical and non-technical stakeholders.
• Experience developing and maintaining security and compliance documentation including policies, procedures, risk assessments, control narratives, and supporting evidence artifacts.
• Strong understanding of information security concepts including access management, logging and monitoring, vulnerability management, change management, vendor risk management, and incident response.
• Experience coordinating project tasks, managing timelines, tracking deliverables, and communicating status updates within a client-facing consulting environment.
• Strong written and verbal communication skills with the ability to present complex compliance and security concepts in a professional and business-friendly manner.
• Ability to independently manage multiple engagements and priorities in a fast-paced consulting environment while maintaining attention to detail and quality.
• Experience working within cloud-based environments such as AWS, Azure, or Google Cloud Platform is preferred.

Certifications

Relevant industry certifications such as Security+, CISSP, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, HITRUST CCSFP, or similar certifications are preferred.

Skills

• Strong understanding of cybersecurity and compliance frameworks including SOC 1, SOC 2, ISO 27001, HITRUST, and HIPAA.
• Experience utilizing GRC and compliance automation platforms such as Vanta and Drata.
• Excellent written and verbal communication skills with the ability to work effectively with both technical and executive stakeholders.
• Strong organizational and project management skills with the ability to manage multiple client engagements and deadlines simultaneously.
• Ability to perform compliance assessments, identify control gaps, and provide practical remediation guidance within client environments.

Compensation & Benefits

• Generous Salary + Bonus
• Company Paid Health Insurance
• Company Paid Dental Insurance
• Company Paid Vision Insurance
• Company Paid Life Insurance
• 401k with 3% Company Contribution (Traditional & Roth Options)
• Generous Vacation Policy
• Annual Company Retreat

Key skills/competency

• SOC 2 Compliance
• ISO 27001 Implementation
• Cybersecurity Consulting
• Risk Assessment
• Compliance Automation
• GRC Platforms
• Client Management
• Auditor Coordination
• Remediation Guidance
• Information Security