Security Analyst, SOC 2 Audit Support

Title: Security Analyst, SOC 2 Audit Support Location: Remote Employment Type: 6 months (April – October, Audit Ramp-Up & Wind-Down Support US Citizen or Green card only. Role Overview The Security Analyst will support the preparation and execution of a SOC 2 audit led by a third-party firm, coordinating across IT and Security teams to ensure timely, accurate, and complete evidence submission for 112 controls and approximately 364 audit requests. This is a project-based role focused on verification, coordination, documentation quality, and deadline management rather than primary control ownership. The individual will review control evidence for accuracy, validate timestamps and query outputs, and ensure documentation meets auditor expectations. The role includes facilitating walkthrough meetings, coordinating internal control owners, tracking remediation items, and proactively communicating potential findings to management. Success requires strong organizational skills, attention to detail, and the ability to manage multiple stakeholders under tight deadlines. Purpose This role provides the opportunity to play a critical part in ensuring the successful completion of a high-visibility SOC 2 audit that directly supports the company’s trust posture, customer commitments, and business growth objectives. The individual will be at the center of audit execution and cross-functional coordination during a strategically important period. Growth The position offers hands-on exposure to SOC 2 control testing, audit coordination, and third-party auditor engagement across 112 controls, providing practical experience in compliance program execution. The scope and complexity of managing 364 evidence requests in a compressed timeline will significantly strengthen audit readiness and compliance operations expertise. Motivators This role is ideal for someone who thrives in structured, deadline-driven environments, enjoys improving documentation quality, and takes pride in preventing issues before they escalate. The work offers measurable impact, cross-functional visibility, and the satisfaction of driving a complex audit to successful completion. Performance Objectives 1. Execute Comprehensive Evidence Verification for 112 SOC 2 Controls Within the first 30 days, develop a structured tracking system to manage approximately 364 audit evidence requests across 112 in-scope controls. Over the course of the audit preparation phase, review all submitted screenshots, system extracts, and documentation to ensure timestamps, query parameters, and required attributes meet auditor criteria before submission. Achieve a minimum 95% first-pass acceptance rate by external auditors and reduce rework cycles through proactive quality control and clear communication with control owners. This objective may be enhanced using AI-enabled document comparison or automated evidence validation tools to detect inconsistencies before submission. 2. Coordinate and Facilitate SOC 2 Walkthrough Meetings and Auditor Engagement Plan and coordinate walkthrough sessions between internal stakeholders and third-party auditors, ensuring appropriate control owners are prepared and available to respond. Maintain a real-time audit status tracker and provide weekly updates to management outlining progress, open items, and potential findings. Ensure all walkthrough documentation is complete within 48 hours of each session and that action items are assigned and tracked to closure. Success will be measured by on-time completion of all scheduled walkthroughs and zero missed response deadlines. 3. Proactively Identify, Escalate, and Support Remediation of Potential Findings Review submitted evidence and control narratives to identify gaps, inconsistencies, or areas of non-compliance prior to auditor discovery. Escalate potential findings to IT and Security leadership within two business days of identification and assist in coordinating remediation plans. Track remediation progress and ensure closure documentation is audit-ready prior to final submission. Outstanding performance will result in minimized formal findings and successful completion of audit preparation by the October wind-down milestone. Critical Subtasks 1. Build and Maintain a Centralized Audit Tracking Framework Within the first two weeks, establish a centralized control tracking system mapping each of the 112 controls to its associated evidence requests, control owners, due dates, and status. Ensure daily updates during peak audit periods and maintain complete traceability between evidence and control requirements. Success will be measured by zero missed evidence deadlines and full visibility for management at all times. 2. Validate Technical Evidence Accuracy and Timestamp Integrity Review screenshots, logs, and query outputs to confirm that required timestamps, reporting periods, and data filters align precisely with SOC 2 testing criteria. Communicate discrepancies to control owners within one business day and verify corrected submissions before auditor delivery. Maintain a documented quality review log to demonstrate pre-submission verification rigor. 3. Coordinate Cross-Functional Responses and Meeting Readiness Identify appropriate subject matter experts for each control walkthrough, confirm preparedness prior to meetings, and ensure consistent messaging aligned with documented control narratives. Provide briefing summaries to participants before meetings and follow-up summaries after completion. Success will be measured by efficient meetings with minimal auditor clarification requests. 4. Maintain Real-Time Audit Status Reporting for Leadership Provide structured weekly status reports to management summarizing completed controls, pending evidence, remediation efforts, and emerging risks. Highlight any potential timeline risks at least one week in advance and recommend corrective actions. Deliver concise dashboards or summaries suitable for executive-level review. 5. Support Audit Wind-Down and Final Evidence Consolidation (September–October) Ensure all requested evidence is finalized, indexed, and stored in accordance with retention and documentation standards. Coordinate final validation checks before submission for December reporting and document lessons learned to improve next audit cycle readiness. Complete final consolidation no later than October 31. 6. Strengthen Documentation Standards and Process Efficiency During Audit Ramp-Up Identify recurring inefficiencies in evidence gathering or documentation quality and recommend process improvements during the audit cycle. Where appropriate, standardize templates or checklists to reduce repeat clarification requests from auditors. Measure improvement through reduced rework frequency over the course of the engagement. 7. Continuously Evaluate and Integrate AI to Improve Performance Within the first 90 days, evaluate how AI or automation tools can support evidence validation, tracking, document comparison, meeting summarization, and remediation monitoring. Pilot at least one AI-assisted process to streamline repetitive verification tasks or reporting preparation. Present recommendations to management outlining long-term AI integration opportunities to improve future audit readiness and reduce manual effort. Apply Now Apply Now