SOC 2 Analyst Jobs (NOW HIRING)

IT Audit & Compliance Analyst

Oaks, PA

$96K - $96K/yr

Interpret and operationalize requirements from HITRUST CSF, PCI DSS, and SOC 2 standards. * Analyze regulatory language and translate it into clear, implementable control requirements for IT, Securit ...

This position requires deep expertise in industry-standard frameworks such as NIST, CMMC, SOC-2, or equivalent, and benefits from hands-on IT Systems Administration experience. The analyst will work ...

Own the internal SOC 2 Type II evidence collection process, keeping controls audit-ready year-round ... Analysis across the corporate entity and portfolio companies, define RTO/RPO for critical ...

SOC 2 Analyst information

$32K

$84.2K

$133.5K

How much do SOC 2 analyst jobs pay per year?

As of Jun 17, 2026, the average yearly pay for a SOC 2 analyst in the United States is $84,207.00, according to ZipRecruiter salary data. Most workers in this role earn between $65,000.00 and $98,500.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a SOC 2 Analyst, and why are they important?

To thrive as a SOC 2 Analyst, you need a solid understanding of information security principles, risk assessment methodologies, and relevant compliance frameworks, usually supported by a degree in information security or a related field. Familiarity with audit tools, governance, risk, and compliance (GRC) platforms, and certifications such as CISA or CISSP are commonly required. Attention to detail, analytical thinking, and strong communication skills help SOC 2 Analysts effectively interpret controls and coordinate with stakeholders. These competencies are crucial for ensuring organizations meet SOC 2 requirements and maintain trust with clients and regulatory bodies.

What jobs will boom in 2026?

The demand for SOC 2 analysts is expected to grow as cybersecurity and data privacy regulations increase, requiring expertise in compliance, risk management, and security audits. Roles in cybersecurity, cloud security, and IT compliance are also projected to expand significantly by 2026, driven by digital transformation and increasing cyber threats.

What jobs make $10,000 a month without a degree?

A SOC 2 Analyst typically earns less than $10,000 per month without specialized certifications and experience. High-paying roles that can reach or exceed $10,000 monthly without a degree include sales managers, real estate brokers, and certain tech roles like software developers with strong skills and certifications. These positions often require relevant experience, technical skills, or industry-specific knowledge rather than formal degrees.

What is a SOC 2 Analyst?

A SOC 2 Analyst is a professional who specializes in helping organizations achieve and maintain SOC 2 compliance, which is a widely recognized standard for managing customer data based on five trust service criteria: security, availability, processing integrity, confidentiality, and privacy. They assess internal controls, identify potential risks, and ensure that processes meet the requirements for a SOC 2 audit. SOC 2 Analysts also assist with preparing documentation, conducting risk assessments, and working with auditors to address any gaps or findings. Their work is essential for companies that handle sensitive client data and need to demonstrate trustworthiness to clients and partners.

Can you make $500,000 a year in cyber security?

A SOC 2 analyst typically earns between $70,000 and $130,000 annually, depending on experience, certifications, and location. Reaching a $500,000 salary usually requires senior roles, management positions, or specialized expertise in cybersecurity, often combined with leadership responsibilities or consulting work.

What are some common challenges faced by SOC 2 Analysts when preparing for an audit?

SOC 2 Analysts often encounter challenges such as ensuring all relevant security controls are properly documented and consistently followed across departments. Coordinating with various teams to gather evidence and remediate gaps within tight deadlines can also be demanding. Additionally, staying updated on evolving compliance requirements and translating technical controls into auditor-friendly documentation requires strong communication and organizational skills. Proactively addressing these challenges helps ensure a smoother audit process and ongoing compliance.

What is the difference between a SOC 2 Analyst and a Security Analyst?

| Aspect | SOC 2 Analyst | Security Analyst |
| --- | --- | --- |
| Certifications | SOC 2, CISSP, CISA | CISSP, Security+, CEH |
| Work Environment | Auditing, compliance, risk assessment | Threat detection, incident response, security monitoring |
| Industry Usage | IT service providers, SaaS companies | Any organization with cybersecurity needs |

While both roles focus on security, a SOC 2 Analyst primarily ensures compliance with SOC 2 standards through audits and assessments, whereas a Security Analyst concentrates on protecting systems from threats and managing security incidents. The SOC 2 Analyst's work is more compliance- and audit-oriented, often within service providers, while Security Analysts work across various industries to safeguard digital assets.

What does a SOC 2 analyst do?

A SOC 2 analyst is responsible for assessing and ensuring that an organization’s systems and controls meet SOC 2 standards for security, availability, processing integrity, confidentiality, and privacy. They perform audits, review controls, and prepare reports to demonstrate compliance, often using tools like audit management software and working closely with IT and security teams.
Infographic showing various Soc 2 Analyst job openings in the United States as of June 2026, with employment types broken down into 1% Locum Tenens, 94% Full Time, and 5% Part Time. Highlights an 81% Physical, 6% Hybrid, and 13% Remote job distribution, with an average salary of $84,207 per year, or $40.5 per hour.

IT Audit & Compliance Analyst

RevSpring Inc

Oaks, PA

$96K - $96K/yr

Full-time

Posted 6 days ago


Job description

IT Audit & Compliance Analyst
Position Summary
The IT Audit & Compliance Analyst is responsible for driving audit execution and regulatory compliance efforts across the organization, with primary accountability for HITRUST, PCI DSS, and SOC 2 frameworks. This role serves as the operational liaison between regulatory standards and internal business/technical teams, ensuring requirements are accurately interpreted, implemented, documented, and successfully validated during external assessments.
The ideal candidate has hands-on experience translating complex compliance standards into actionable requirements, coordinating enterprise-wide evidence collection, and confidently presenting documentation to external auditors.
Key Responsibilities
Regulatory Interpretation & Requirement Translation
  • Interpret and operationalize requirements from HITRUST CSF, PCI DSS, and SOC 2 standards.
  • Analyze regulatory language and translate it into clear, implementable control requirements for IT, Security, Engineering, Infrastructure, HR, and Business Operations teams.
  • Identify applicability of specific requirements based on system architecture, data flows, and business processes.
  • Document compliance narratives that clearly articulate how organizational processes satisfy regulatory criteria.
  • Maintain traceability between regulatory requirements and implemented controls.
Audit Coordination & Evidence Management
  • Lead end-to-end audit readiness activities for HITRUST certification, PCI DSS assessments (SAQ or ROC), and SOC 2 Type I/II examinations.
  • Develop and manage structured evidence request lists across departments.
  • Partner with system owners, application teams, infrastructure teams, and business stakeholders to collect accurate, complete, and audit-ready documentation.
  • Validate evidence for completeness, accuracy, and alignment with auditor expectations prior to submission.
  • Maintain organized audit repositories and version-controlled documentation.
Cross-Functional Collaboration
  • Serve as the primary point of contact between auditors and internal departments.
  • Conduct preparatory sessions with stakeholders to ensure clarity on audit expectations.
  • Guide teams in producing defensible documentation and system artifacts.
  • Resolve gaps or ambiguities in evidence through structured follow-up and remediation tracking.
  • Foster accountability for compliance obligations across the enterprise.
Audit Presentation & External Auditor Engagement
  • Present policies, procedures, and technical evidence directly to external auditors.
  • Provide structured walkthroughs of systems, processes, and compliance narratives.
  • Respond to auditor inquiries with clear, technically accurate explanations.
  • Defend evidence positions using regulatory language and documented standards.
  • Manage follow-up requests and supplemental documentation throughout the audit lifecycle.
Required Qualifications
  • Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Accounting, or related field.
  • 3+ years of experience in IT audit, compliance, or GRC functions.
  • Direct experience supporting or leading:
    • HITRUST CSF certification
    • PCI DSS compliance initiatives
    • SOC 2 Type I and Type II audits
  • Demonstrated experience interpreting regulatory frameworks and translating them into internal compliance requirements.
  • Experience coordinating multi-departmental evidence collection efforts.
  • Experience presenting documentation and responding directly to external auditors.
  • Strong documentation, organizational, and stakeholder management skills.
Preferred Qualifications
  • Professional certifications such as: CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP.
  • Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata).
  • Familiarity with cloud environments (AWS, Azure, GCP) and cloud security controls.
  • Understanding of HIPAA, NIST CSF, ISO 27001, or other regulatory frameworks.