Contract Soc Two Audit Jobs (NOW HIRING)

Advisory Senior - SOC Audit

Camp Hill, PA · On-site

$80K - $98K/yr

This role plays a key part in delivering high-quality SOC 1 and SOC 2 audits and helping clients protect their organizational assets - including intellectual property, personnel data, business ...

Ensure documentation is audit-ready, consistent, and aligned with SOC 2 Trust Services Criteria ... Contract Duration: 6M Work Setting: Remote (US) Some overlap with Eastern and PST time zones is ...

We are seeking a Senior Manager of Compliance to lead and manage Quadient's USPS SOC 1 and SOC 2 programs. This role is responsible for audit execution, control design, and ongoing risk assessment ...

Own the internal SOC 2 Type II evidence collection process, keeping controls audit-ready year-round. Manage the audit timeline, day-to-day liaison with the external auditor, and remediation finding ...

IT Project Manager

Chicago, IL · On-site

$90K - $110K/yr

Your first priority will be preparing the organization for our SOC 2 audit; from there, you'll own the IT and security project portfolio that supports our platform and affiliate companies. PLEASE ...

Contract Soc Two Audit information

$63K

$117.7K

$172.5K

How much do contract soc two audit jobs pay per year?

As of Jul 4, 2026, the average yearly pay for contract soc two audit in the United States is $117,671.00, according to ZipRecruiter salary data. Most workers in this role earn between $96,000.00 and $141,500.00 per year, depending on experience, location, and employer.

Infographic showing various Contract Soc Two Audit job openings in the United States as of June 2026, with employment types broken down into 100% Full Time. Highlights a 100% In-person job distribution, with an average salary of $117,671 per year, or $56.6 per hour.

SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead

FYI For Your Information Inc

Silver Spring, MD • Remote

Full-time

Retirement

Posted 15 days ago


Job description

FYI - For Your Information, Inc. is an SBA-certified, Woman-Owned Small Business and GSA schedule holder that is a premier provider of Human Capital, Training, and Information Technology services. We have won awards for being a Great Place to Work and continue to make ground-breaking advancements. For four years in a row, we have been on Inc. Magazine's 5000 list and were recently named one of Inc.'s 2024 Mid-Atlantic Fastest Growing companies.

About the role

FYI is seeking a SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead to support an active SOC 2 Type 2 program across Security, Availability, Processing Integrity, Confidentiality, and Privacy. This role will own the SOC 2 domain in a fractional capacity, including evidence review, control operation support, auditor communication support, recurring compliance cadence, and SaaS/cloud control maturity. The right candidate has supported real SOC 2 Type 2 audits and can work with engineering, IT, security, HR, operations, leadership, and auditors.

Essential responsibilities and duties

  • Support SOC 2 Type 2 audit readiness and active auditor-response efforts across all five Trust Services Criteria.
  • Review evidence requests and determine whether evidence is complete, partial, missing, stale, unclear, or misaligned to the control being tested.
  • Draft and review auditor responses, management explanations, control narratives, and evidence summaries.
  • Support control operations for access reviews, vendor risk management, risk assessment, policy review, security awareness, incident response, change management, and security steering activities.
  • Review evidence for IAM, MFA, logging, monitoring, encryption, vulnerability management, secure SDLC, code review, release approvals, CI/CD security, SAST, DAST, SCA, backups, availability, confidentiality, processing integrity, and privacy controls.
  • Coordinate with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Help maintain the recurring compliance calendar for monthly, quarterly, and annual SOC 2 control activities.
  • Support policy and documentation management, version control, approvals, and annual review cadence.
  • Identify control design gaps, operating effectiveness gaps, evidence issues, and audit risks.
  • Provide concise written status updates, blockers, risks, and next actions to the project manager and CISO/vCISO.

Required qualifications

  • 8+ years of cybersecurity, GRC, IT audit, compliance, SaaS security, cloud security, security consulting, or related experience.
  • GRC platform experience (Drata preferred; others include Vanta or Secureframe).
  • Direct hands-on experience supporting SOC 2 Type 2 audits.
  • Experience with SaaS or cloud-hosted application environments.
  • Experience reviewing evidence for control design and operating effectiveness.
  • Ability to translate audit requirements into operational tasks for engineering, IT, security, HR, legal, operations, and leadership stakeholders.
  • Strong written communication skills and ability to produce auditor-ready explanations.
  • Ability to drive control owners and follow-ups without constant prompting.
  • Ability to work through ambiguity and produce clean, organized, audit-ready documentation.

Nice to have

  • Prior SOC 2 auditor, CPA-firm, or audit-support experience.
  • Experience with all five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • CISA, CISSP, CISM, Security+, CPA, ISO 27001 Lead Auditor, or equivalent certification.
  • Experience with Drata, Vanta, Secureframe, Hyperproof, Jira, Confluence, AWS, Azure, GCP, CI/CD tooling, SAST, DAST, SCA, vulnerability management, or cloud security tools.
  • PCI DSS familiarity, especially where SOC 2 controls overlap with PCI requirements.

Expected deliverables

  • SOC 2 Five-TSC evidence and gap tracker inputs.
  • Control evidence sufficiency reviews.
  • Auditor response drafts and management-response drafts.
  • Control narrative and control-description updates.
  • Recurring compliance calendar inputs for access reviews, vendor reviews, risk assessments, policy reviews, steering meetings, and evidence refresh cycles.
  • Policy, procedure, and documentation review notes.
  • SOC 2 blocker, risk, and next-action summaries.

Operating style required

This role requires a senior operator who can own the SOC 2 lane in a fractional capacity. The contractor must communicate clearly, document next actions, identify blockers early, and coordinate through the project manager. This is not a casual side task. Responsiveness, ownership, and clean written work product are required.

FYI's Benefits/Incentives: What is in it for you?

  • Opportunity to work a hybrid work schedule.
  • A knowledgeable, high-achieving, diverse, experienced, and fun team.
  • The chance to be part of a rapidly growing company and the next success story.
  • A competitive base salary with a loaded benefits package plus 401K.
  • Tuition/education assistance, personal computer allowance, pet insurance.