We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security and compliance are central to how we operate and how our customers trust us. This role reports to the Information ...
We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security and compliance are central to how we operate and how our customers trust us. This role reports to the Information ...
Acumen is SOC 2 Type II certified, FFIEC-aligned, and has been recognized on the Inc. 5000, CRN MSP 500/50 , and Nashville Business Journal's Best Places to Wor k lists. Our vCISO practice provides ...
Acumen is SOC 2 Type II certified, FFIEC-aligned, and has been recognized on the Inc. 5000, CRN MSP 500/50 , and Nashville Business Journal's Best Places to Wor k lists. Our vCISO practice provides ...
Key Responsibilities • Own assigned areas of ISO 27001 and/or SOC 2 audits as technical control owner. • Act as primary technical point of contact for auditors, leading walkthroughs and ...
Quick apply
Key Responsibilities • Own assigned areas of ISO 27001 and/or SOC 2 audits as technical control owner. • Act as primary technical point of contact for auditors, leading walkthroughs and ...
Operational Governance, AVP
Burlington, MA · On-site
$100K - $160K/yr
This role will support Regulatory, SOC 1 and SOC 2 audits, as well as client-driven audit engagements. The successful candidate will bring a strong technology audit background, with demonstrated ...
Operational Governance, AVP
Burlington, MA · On-site
$100K - $160K/yr
This role will support Regulatory, SOC 1 and SOC 2 audits, as well as client-driven audit engagements. The successful candidate will bring a strong technology audit background, with demonstrated ...
Lead the company's SOC 2 Type II and HIPAA compliance initiatives from planning through certification. * Develop, draft, and maintain security, IT, and privacy policies aligned with SOC 2, HIPAA ...
Lead the company's SOC 2 Type II and HIPAA compliance initiatives from planning through certification. * Develop, draft, and maintain security, IT, and privacy policies aligned with SOC 2, HIPAA ...
This role focuses on managing ISO and SOC 2 Type 2 audits end-to-end, translating complex technical environments into audit-ready evidence, and using AI and automation to reduce the compliance burden ...
New
Quick apply
This role focuses on managing ISO and SOC 2 Type 2 audits end-to-end, translating complex technical environments into audit-ready evidence, and using AI and automation to reduce the compliance burden ...
New
GRC Automation & Assurance Lead
Manhattan, NY · On-site
$214K - $255K/yr
Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million ...
GRC Automation & Assurance Lead
Manhattan, NY · On-site
$214K - $255K/yr
Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million ...
GRC Automation & Assurance Lead
$214K - $255K/yr
Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million ...
GRC Automation & Assurance Lead
$214K - $255K/yr
Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million ...
InfoSec Manager
Manhattan, NY · On-site
Owning and running the company's SOC 2 program and broader security compliance initiatives * Developing and improving security policies, controls, and governance frameworks (SOC 2, ISO 27001, NIST)
InfoSec Manager
Manhattan, NY · On-site
Owning and running the company's SOC 2 program and broader security compliance initiatives * Developing and improving security policies, controls, and governance frameworks (SOC 2, ISO 27001, NIST)
Map detections, controls, and reporting to frameworks/standards (NIST CSF/800-53, CIS Controls, SOC 2, ISO 27001). * Drive vulnerability and exposure management with risk-based prioritization. * Run ...
Map detections, controls, and reporting to frameworks/standards (NIST CSF/800-53, CIS Controls, SOC 2, ISO 27001). * Drive vulnerability and exposure management with risk-based prioritization. * Run ...
GRC Analyst
Phoenix, AZ · On-site
Evaluate vendor controls, documentation, and compliance certifications (SOC 2, ISO, GDPR, etc.). * Analyze shared responsibility models and identify security gaps. * Review controls across IAM ...
Quick apply
GRC Analyst
Phoenix, AZ · On-site
Evaluate vendor controls, documentation, and compliance certifications (SOC 2, ISO, GDPR, etc.). * Analyze shared responsibility models and identify security gaps. * Review controls across IAM ...
Assurance Manager
Minneapolis, MN · On-site
$128K - $132K/yr
DUTIES: • Conduct and oversee SOC 1, SOC 2, and other cybersecurity and compliance evaluations, including NIST, ISO, HIPAA, departmental assessments, and the development of enterprise IT strategic ...
Assurance Manager
Minneapolis, MN · On-site
$128K - $132K/yr
DUTIES: • Conduct and oversee SOC 1, SOC 2, and other cybersecurity and compliance evaluations, including NIST, ISO, HIPAA, departmental assessments, and the development of enterprise IT strategic ...
Operational Governance, AVP
$100K - $160K/yr
This role will support Regulatory, SOC 1 and SOC 2 audits, as well as client-driven audit engagements. The successful candidate will bring a strong technology audit background, with demonstrated ...
Operational Governance, AVP
$100K - $160K/yr
This role will support Regulatory, SOC 1 and SOC 2 audits, as well as client-driven audit engagements. The successful candidate will bring a strong technology audit background, with demonstrated ...
Support various compliance reports, including SOC 1, SOC 2, and SOC 3 readiness assessments and examinations. * Review testing procedures and results to ensure accuracy, completeness, and compliance ...
Support various compliance reports, including SOC 1, SOC 2, and SOC 3 readiness assessments and examinations. * Review testing procedures and results to ensure accuracy, completeness, and compliance ...
The role also plays a key role in supporting SOC 2 compliance by enforcing consistent controls, audit-ready documentation, and system integrity across the project lifecycle. Responsibilities
The role also plays a key role in supporting SOC 2 compliance by enforcing consistent controls, audit-ready documentation, and system integrity across the project lifecycle. Responsibilities
GRC Automation & Assurance Lead
Manhattan, NY · On-site
$214K - $255K/yr
Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million ...
Quick apply
GRC Automation & Assurance Lead
Manhattan, NY · On-site
$214K - $255K/yr
Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million ...
Senior IT Analyst - Global Financial Controls
Chicago, IL · Hybrid
$88K - $109K/yr
Support the governance and execution of SOC 1 and SOC 2 reports, including scope definition, control mapping, and reporting timelines. * Maintain SOC control inventories, risk-control mappings, and ...
Senior IT Analyst - Global Financial Controls
Chicago, IL · Hybrid
$88K - $109K/yr
Support the governance and execution of SOC 1 and SOC 2 reports, including scope definition, control mapping, and reporting timelines. * Maintain SOC control inventories, risk-control mappings, and ...
Security & Compliance Manager
Portsmouth, NH · On-site +1
This role will be responsible for maintaining and strengthening TALON's SOC 2 security framework, HIPAA compliance program, anti-money laundering (AML) and financial risk oversight, and internal ...
Security & Compliance Manager
Portsmouth, NH · On-site +1
This role will be responsible for maintaining and strengthening TALON's SOC 2 security framework, HIPAA compliance program, anti-money laundering (AML) and financial risk oversight, and internal ...
Project Operations Manager
West Chester, OH · On-site +1
The role also plays a key role in supporting SOC 2 compliance by enforcing consistent controls, audit-ready documentation, and system integrity across the project lifecycle. Responsibilities
Project Operations Manager
West Chester, OH · On-site +1
The role also plays a key role in supporting SOC 2 compliance by enforcing consistent controls, audit-ready documentation, and system integrity across the project lifecycle. Responsibilities
Senior IT Analyst - Global Financial Controls
Chicago, IL · On-site
$88K - $109K/yr
Support the governance and execution of SOC 1 and SOC 2 reports, including scope definition, control mapping, and reporting timelines. * Maintain SOC control inventories, risk-control mappings, and ...
Senior IT Analyst - Global Financial Controls
Chicago, IL · On-site
$88K - $109K/yr
Support the governance and execution of SOC 1 and SOC 2 reports, including scope definition, control mapping, and reporting timelines. * Maintain SOC control inventories, risk-control mappings, and ...
Soc 2 information
See salary details
$11.78 - $18.03
6% of jobs
$18.03 - $24.28
7% of jobs
$24.28 - $30.53
5% of jobs
$30.53 - $36.78
4% of jobs
$37.62 is the 25th percentile. Wages below this are outliers.
$36.78 - $43.03
14% of jobs
The median wage is $46.43 / hr.
$43.03 - $49.28
24% of jobs
$49.28 - $55.53
13% of jobs
$56.31 is the 75th percentile. Wages above this are outliers.
$55.53 - $61.78
11% of jobs
$61.78 - $68.03
7% of jobs
$68.03 - $74.28
2% of jobs
$74.28 - $80.53
6% of jobs
$11
$48
$80
How much do soc 2 jobs pay per hour?
What are some typical daily responsibilities for a SOC 2 Analyst?
A SOC 2 Analyst is responsible for monitoring security alerts, analyzing potential threats, and coordinating the response to security incidents on a daily basis. They investigate suspicious activity, conduct detailed log analysis, and escalate complex cases to senior team members when necessary. Additionally, SOC 2 Analysts help fine-tune detection systems and may participate in threat hunting exercises to proactively identify vulnerabilities. The role often involves collaborating closely with IT, network, and compliance teams to ensure organizational security standards are maintained.
Is SOC 2 hard to get?
Can you make $200,000 in cyber security?
What is a SOC 2 job?
A SOC 2 job typically refers to roles related to SOC 2 compliance, which ensures that a company’s systems meet security, availability, processing integrity, confidentiality, and privacy standards. Professionals in these roles work on implementing, maintaining, and auditing SOC 2 controls to protect customer data. Common positions include compliance analysts, security auditors, and IT risk managers. These jobs require knowledge of cybersecurity frameworks, risk management, and regulatory compliance.
What is the difference between SOC 1 and SOC 2 jobs?
What does a SOC 2 do?
What are the key skills and qualifications needed to thrive in the Soc 2 position, and why are they important?
To thrive as a SOC 2 (Security Operations Center Tier 2 Analyst), you need a strong foundation in cybersecurity principles, threat analysis, and incident response, typically backed by a degree in IT or cybersecurity and relevant experience. Familiarity with SIEM tools, intrusion detection/prevention systems, and certifications like CompTIA Security+, CEH, or CISSP is highly valued. Strong analytical thinking, attention to detail, and the ability to communicate technical information clearly are key soft skills for this role. These skills are crucial for accurately detecting, investigating, and escalating security incidents to protect organizational assets.

Job description
UniUni is a late-stage last-mile logistics company moving millions of parcels across the United States and Canada for some of the largest e-commerce platforms in North America. Our technology is cloud-native on AWS. We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security and compliance are central to how we operate and how our customers trust us. This role reports to the Information Security Officer and is based in North America (remote with periodic travel to UniUni hubs).
About the role
- We are hiring a Senior Security Compliance Engineer to be the operational backbone of UniUni's governance, risk, and compliance function. You will run the day-to-day machinery that keeps our ISO 27001 certification and SOC 2 Type II attestation healthy, our policies current, our customers confident, and our regulatory obligations met.
- This is a hands-on senior IC role. The Information Security Officer designs the program; you make it work. You will run audit cycles, manage evidence, drive policy lifecycles, lead customer security reviews, operate the third-party risk program, and support privacy and regulatory work. We are looking for someone who automates what should be automated, writes clearly, and treats compliance as a real engineering problem.
What you'll do
Core GRC
- Run the ISO 27001 program operations, including surveillance audit prep, internal audits, the annual risk assessment, management reviews, and corrective action tracking.
- Run the SOC 2 Type II program operations, including continuous control monitoring, evidence collection, auditor coordination, and remediation tracking.
- Operate the information security policy lifecycle: drafting, stakeholder review, approval workflows, annual reviews, version control, and employee attestations.
- Maintain the risk register, drive risk treatment plans through to closure, and prepare risk reporting for the ISO and the executive team.
- Build and maintain compliance automation, including evidence collection workflows, control testing, and dashboarding. Treat the GRC platform as a system you actively engineer, not a passive system of record.
- Plan and run security awareness training and phishing simulation cycles, and report on outcomes.
Privacy and Regulatory
- Operate UniUni's privacy program in partnership with legal, including data inventories, data flow mapping, retention schedules, and privacy impact assessments.
- Execute on regulatory obligations relevant to our business, including the DOJ Data Security Program, Canadian PIPEDA, and applicable US state privacy laws.
- Coordinate the response to data subject access requests (DSARs) and privacy inquiries within statutory timelines.
- Track regulatory developments across the jurisdictions in which UniUni operates and translate them into concrete control changes, evidence requirements, and policy updates.
- Support data residency and data minimization commitments, working with engineering and the data security team to verify they hold in practice.
Customer Reviews and Third-Party Risk
- Lead the response to customer security questionnaires, RFP security sections, and prospect security reviews, in partnership with sales, legal, and the ISO.
- Review and negotiate the security and privacy clauses in customer and vendor contracts, escalating material issues to the ISO and legal.
- Run UniUni's third-party risk management program: vendor inventory, tiering by risk, due diligence, security review of new vendors, periodic reassessment of existing vendors, and remediation tracking.
- Operate the trust center and the security artifact library (SOC 2 reports, ISO certificates, pen test summaries, security overviews) and keep customer-facing materials current and accurate.
Across All of It
- Be a credible representative of UniUni's security posture in front of customers, auditors, and regulators.
- Write clearly and precisely. The work product of this role lands in front of customers, auditors, regulators, and executives, and it has to hold up.
- Partner with engineering, IT, legal, HR, and finance to make compliance a normal part of how the business runs, not an interrupt.
Qualifications
- 5 to 8 years in security GRC, audit, or a closely related discipline, with hands-on ownership of ISO 27001 and SOC 2 program operations in a cloud-native organization.
- Direct experience driving SOC 2 Type II audit cycles end to end, including auditor coordination, evidence collection, and remediation.
- Working knowledge of common control frameworks beyond ISO and SOC (NIST CSF, NIST 800-53, CIS) and the ability to map between them.
- Experience operating a GRC platform (e.g., Vanta, Drata, Secureframe, Hyperproof, ServiceNow GRC, OneTrust) as a power user, including building automated evidence pipelines and control tests.
- Experience leading customer security questionnaires and security reviews for enterprise customers, including reviewing security and privacy clauses in contracts.
- Familiarity with privacy regulation in North America, including PIPEDA and US state privacy laws, and a working understanding of cross-border data transfer requirements.
- Experience operating a third-party risk management program at meaningful vendor volume.
- Strong written communication. You can produce auditor-ready documentation, customer-ready security narratives, and executive-ready risk summaries, and you know which is which.
- A pragmatic, automation-first mindset. You are bothered by manual evidence collection and you do something about it
Nice to Have
- Experience in logistics, supply chain, marketplaces, or other high-volume operational businesses.
- Familiarity with the DOJ Data Security Program and bulk data transfer rules.
- Light scripting ability (Python, SQL) for automating evidence collection or building control queries against AWS, identity providers, and SaaS platforms.
- Relevant certifications such as ISO 27001 Lead Auditor or Lead Implementer, CISA, CISM, CIPP, or CRISC.
- Prior experience supporting a company through a customer-driven security maturation, an investor due diligence cycle, or IPO readiness.
Why This Role
This is a senior IC role with end-to-end ownership and visible impact. You will work directly with the Information Security Officer in a security function with executive commitment, a live ISO 27001 certification, and an active SOC 2 Type II attestation. You will be in the room for customer security conversations, in the loop on regulatory questions, and in the driver's seat on the audit cycles that protect both.
About UNIUNI
Sourced by ZipRecruiter