Senior Security & Compliance Consultant

Job Title:

Company:

Location:

Compensation:

The Senior Security & Compliance Consultant will oversee the full lifecycle of Company's information security operations, including SOC 2 (BDO) and ISO 27001 audits, penetration and vulnerability testing, RFP security responses, and policy management. This role requires hands-on experience with security frameworks, vendor risk management, and compliance documentation.

You’ll work closely with Company's Legal, IT, and Engineering teams to maintain a secure and audit-ready environment aligned with industry standards.

Key Responsibilities

Audit, Certification & Governance

• Serve as internal lead for SOC 2, ISO AI, and ISO 27001 readiness, evidence collection, and auditor coordination.
• Maintain and update Company's Statement of Applicability (SOA) and control library.
• Manage security responses for client RFPs and due diligence questionnaires.

Security Operations

• Oversee penetration testing and vulnerability testing (Tenable.io) cycles; track and validate remediation.
• Maintain and enforce security-related policies, including access control, incident response, and DPA compliance.
• Conduct monthly IT security plan reviews and update internal reports.
• Manage change control, vendor security protocols, and breach notification procedures.

Risk & Asset Management

• Conduct and document monthly risk assessments, including:
• Review of Advanced Networks reports
• Permission changes and audit logs
• Data asset inventory
• Hardware asset management and secure disposal tracking
• Support vendor due diligence, reviewing risk scores, contracts, and compliance posture.

Documentation & Continuous Improvement

• Maintain a comprehensive repository of policies, risk assessments, and testing results.
• Recommend process or control improvements based on audit findings and security trends.
• Support Legal with client and regulator data protection obligations (GDPR, CCPA, etc.).

Qualifications

• 5+ years in information security, risk, or compliance (ideally within SaaS or regulated industries).
• Direct experience with SOC 2, ISO 27001, or similar control frameworks.
• Working knowledge of Tenable.io, or equivalent vendor risk platforms.
• Strong understanding of data protection, access control, and change management.
• Excellent writing and analytical skills; able to draft RFP responses and security documentation clearly.
• Certifications (preferred): CISA, CISSP, CRISC, or ISO 27001 Lead Implementer.