1

Soc Two Auditor Jobs (NOW HIRING)

We are looking for a GRC professional who is equal parts auditor and builder. Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data ...

Own the internal SOC 2 Type II evidence collection process, keeping controls audit-ready year-round. Manage the audit timeline, day-to-day liaison with the external auditor, and remediation finding ...

Security Compliance Manager

OR · Remote

$140K - $170K/yr

Lead security certification & audit readiness (ISO 27001 / SOC 2): Drive quarterly ISO control ... Evidence management & auditor response: Prepare for internal and external audits by organizing ...

Own Kikoff's SOC 2 Type II program end-to-end, including scoping, control design, evidence collection, walkthroughs, and external auditor management. * Maintain Kikoff's PCI DSS self-attestation ...

Senior Risk and Controls Auditor

Irvine, CA

$86K - $106K/yr

Evaluate vendor SOC 1 and SOC 2 reports for third-party service providers Stakeholder Collaboration ... Collaborate with external auditors, SOX team, and other assurance providers Continuous Improvement

... SOC 2 auditors, penetration testing firms, privacy tooling providers). * Advise on incident response legal obligations, breach notification requirements, and customer communications. * Own the legal ...

next page

Showing results 1-20

Soc Two Auditor information

See salary details

$38.5K

$92.8K

$151K

How much do soc two auditor jobs pay per year?

As of Jul 18, 2026, the average yearly pay for soc two auditor in the United States is $92,797.00, according to ZipRecruiter salary data. Most workers in this role earn between $72,000.00 and $112,000.00 per year, depending on experience, location, and employer.

What is the difference between Soc Two Auditor vs Soc Two Consultant?

AspectSoc Two AuditorSoc Two Consultant
CertificationsTypically holds CPA, CISA, or similar certificationsOften has similar certifications but focuses on advisory roles
Work EnvironmentPerforms audits within organizations, often in finance or IT departmentsProvides advisory services, assessments, and recommendations to clients
Employer & Industry UsageEmployed by organizations or audit firms to conduct SOC 2 auditsWorks for consulting firms or independently to advise on SOC 2 compliance

While both roles focus on SOC 2 compliance, a Soc Two Auditor conducts formal audits to assess compliance, whereas a Soc Two Consultant provides guidance and recommendations to help organizations prepare for audits.

More about Soc Two Auditor jobs
What cities are hiring for Soc Two Auditor jobs? Cities with the most Soc Two Auditor job openings:
What states have the most Soc Two Auditor jobs? States with the most job openings for Soc Two Auditor jobs include:
Infographic showing various Soc Two Auditor job openings in the United States as of July 2026, with employment types broken down into 11% Locum Tenens, 75% Full Time, 12% Part Time, and 2% Contract. Highlights an 86% Physical, 4% Hybrid, and 10% Remote job distribution, with an average salary of $92,797 per year, or $44.6 per hour.
GRC Automation & Assurance Lead

GRC Automation & Assurance Lead

Rokt

Manhattan, NY • On-site

$214K - $255K/yr

Full-time

Medical, Retirement, PTO

Posted 23 days ago


Job description

We are Rokt, a hyper-growth ecommerce leader. Rokt is the global leader in ecommerce, unlocking real-time relevance in the moment that matters most. Rokt’s AI Brain and ecommerce Network powers billions of transactions connecting hundreds of millions of customers, and is trusted to do this by the world’s leading companies.

We are a team of builders helping smart businesses find innovative ways to meet customer needs and generate incremental revenue. Leading companies drive 10-50% of additional revenue—and often all their profits—from the extra products or services they sell. This economic edge unleashes a world of possibilities for growth and innovation.

At Rokt, we practice transparency in career paths and compensation. We believe in transparency, which is why we have a well-defined career ladder with transparent compensation and clear career paths based on competency and ability. Rokt’stars constantly strive to raise the bar, pushing the envelope of what is possible.

We are looking for a GRC Automation & Assurance Lead

Target total compensation ranges from $214,000 - $255,000, including a fixed annual salary of $174,000- $215,000, an employee equity plan grant, and world-class benefits.

Equity grants are issued in good faith and are subject to company policies, board approval, and individual eligibility.

About the Role:

We are looking for a GRC professional who is equal parts auditor and builder. Rokt's information security management system is ISO 27001 and SOC 2 certified, and protects personal customer data entrusted to us by leading global e-commerce brands with a combined 100 million transactions each month. As we scale, we are reimagining GRC as an AI-first function — one where agents and automation do the heavy lifting on evidence collection, control monitoring, questionnaire response, and audit preparation, freeing humans to focus on judgment, strategy, and stakeholder partnership.

You will own the audit, assurance, and compliance pillar of our GRC program, and you will lead the design and engineering of the agentic systems that run it. This is not a "use ChatGPT to summarise a policy" role. You will architect and ship agents on our internal Security Agent Suite, build internal GRC tools using AI coding agents like Claude Code and Cursor, and treat automation as a first-class deliverable alongside the audits you lead.

You will work closely with engineering, product, legal, finance, people, and our external auditors to drive ISO 27001, SOC 1, and SOC 2 programs to clean outcomes — and to make sure that next year, the same outcomes are achieved with materially less manual effort. You move fast, you prefer significant leaps over small iterations, and you genuinely enjoy the intersection of compliance rigour and AI engineering.

Responsibilities:

AI automation and tooling

  • Architect, build, and maintain agents on Rokt's internal Security Agent Suite for GRC workflows, including client security questionnaires, evidence collection, control testing, vendor assessments, DPIAs, and audit preparation
  • Design new GRC automations end-to-end: scope the workflow, build the agent or tool, validate outputs, and roll it out with the rest of the GRC team
  • Build internal tools and integrations using AI coding agents (Claude Code, Cursor, or equivalents) to extend our in-house GRC systems and Jira-based workflows
  • Continuously evaluate agent performance, refine prompts and tool definitions, and improve coverage and accuracy of automated controls

Audit, assurance, and compliance

  • Lead the ISO 27001:2022 surveillance and recertification cycles, and SOC 1 and SOC 2 Type 2 audits, end-to-end
  • Plan and execute Rokt's internal audit program (user access, exemptions, DPIAs, SCF controls, AI controls), ideally with agent-assisted execution
  • Drive external auditor engagement, evidence collection, and remediation tracking
  • Manage the processing of client security questionnaires using and continuously improving the questionnaire agent
  • Maintain and evolve ISMS performance metrics, including new metrics covering AI control effectiveness and automation coverage
  • Coordinate Rokt's security calendar including audit windows
  • Produce and maintain quality procedure documentation co-authored with AI assistance

Requirements

Compliance and audit experience

  • 4+ years of relevant experience in Governance, Risk & Compliance, ideally in a fast-moving tech environment
  • Working knowledge of ISO 27000 family, SOC 1, SOC 2, NIST CSF, and privacy regulations (GDPR, CCPA, CPRA); bonus for PCI-DSS, CIS, SCF, ISO 42001, NIST AI RMF
  • Hands-on internal auditing experience against ISO 27001 and SOC 2
  • Track record managing external audits end-to-end, including evidence collection, auditor engagement, and findings remediation
  • Solid grasp of controller/processor concepts and broader privacy fundamentals

AI and technical skills (this is the differentiator)

  • Demonstrated experience designing and shipping agentic AI systems — not just using a chatbot. You have built agents that take actions, call tools, integrate with APIs, and complete multi-step workflows
  • Comfortable using AI coding agents (Claude Code, Cursor, Copilot, or similar) to build and maintain internal tools; able to read, modify, and ship code even if you don't consider yourself a software engineer
  • Familiarity with at least one agent framework (Google ADK, LangGraph, OpenAI Agents SDK, MCP, or similar) and the core patterns: tool use, memory, evaluation, guardrails
  • Understanding of LLM risks and controls — prompt injection, model misuse, agent autonomy, data leakage — and how they map to frameworks like OWASP Agentic Top 10 or NIST AI RMF
  • Working knowledge of basic IT, cloud (AWS preferred), APIs, and SQL
  • Comfort with version control (Git/GitHub) and basic scripting (Python or TypeScript)

Ways of working

  • Strong written and verbal communication; able to translate technical detail into business language for leadership, clients, and auditors
  • Demonstrated ability to break complex compliance requirements into scalable, automated processes that don't slow the business down
  • Bias for shipping, comfort with ambiguity, and a builder mindset
  • Strong attention to detail balanced with willingness to use AI to extend it
  • Highly responsive, autonomous, and resilient

Benefits

About Rokt’stars:

As a mission-driven, hyper-growth community of curious explorers, our ambition is to unlock real-time relevancy in ecommerce and beyond. Our bias for action means we are not afraid to quickly venture into uncharted territories, take risks, or challenge the status quo; in doing so we either win or learn. We work together as one aligned team, never letting egos get in the way of brilliant ideas. We value diversity, transparency, and smart humble people who enjoy building a disruptive business together. We pride ourselves on being a force for good as we make the world better.

About the Benefits:

We leverage best-in-class technology and market-leading innovation in AI and ML, with all of that being underlined by building and maintaining a fantastic and inclusive culture where people can be their authentic selves, and offering a great list of perks and benefits to go with it:

  • Become a shareholder. Every Rokt’star gets equity in the company
  • Enjoy catered lunch every day and healthy snacks in the office. Plus join the gym on us!
  • Access generous retirement plans like a 4% dollar-for-dollar 401K matching plan and get fully funded premium health insurance!
  • Dog-friendly office
  • Extra leave (bonus annual leave, sabbatical leave etc.)
  • Work with the greatest talent in town
  • See the world! We have offices in New York, Seattle, Sydney, Tokyo and London

We believe we’re better together. We love spending time together and are in the office most days (teams are in the office minimum 4 days per week).

We at Rokt choose to create a company that is as diverse and inclusive as the world we live in by attracting, growing & keeping the best talent. Equal employment opportunities are available to all applicants without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.