​This is a full-time, Experienced contract role based in the United States. The position is heavily focused on the modern “Compliance-as-Code” movement, specifically utilizing automation platforms to maintain high-trust standards like SOC 2. It is an ideal role for an analyst who understands the intersection of cloud-native engineering and rigorous regulatory auditing.

• ​Location: Remote (United States).
• ​Employment Type: Contract.
• ​Core Focus: SOC 2 Type I/II, GRC, and Third-Party Audits.
• ​Primary Tooling: Drata and Vanta (Compliance automation).
• ​Frameworks: SOC 2, NIST, ISO 27001.

​Key Responsibilities: Automating Trust

​The Analyst serves as the primary driver for organizational trust, ensuring that security controls are not just designed, but continuously verified through automation.

​SOC 2 & Audit Lifecycle

​You will lead the readiness and ongoing maintenance of SOC 2 Type I and Type II reports. This involves constant evidence collection, control testing, and acting as the central liaison for external auditors during the examination window.

​Compliance Automation (Drata/Vanta)

​A primary task is the administration and optimization of platforms like Drata or Vanta. You will configure these tools to monitor your cloud environment (AWS/Azure/GCP) in real-time, mapping technical configurations to specific compliance controls.

​GRC & Risk Management

​You will support internal GRC functions by conducting risk assessments, managing the policy lifecycle, and implementing control frameworks like NIST or ISO 27001. You’ll collaborate with engineering and IT to ensure that security controls are enforceable and integrated into their existing workflows.

​Metrics & Reporting

​You are responsible for monitoring compliance KPIs and preparing executive-level reporting for leadership and the board, demonstrating the health and maturity of the security program.

​Required Qualifications

​The organization is looking for a GRC specialist who is comfortable in a high-growth, technically fluid environment.

• ​Experience: 3+ years in cybersecurity, compliance, or GRC.
• ​Specialization: Hands-on experience with SOC 2 audits and the use of automated compliance platforms (Vanta, Drata, etc.).
• ​Framework Knowledge: Strong grasp of risk management frameworks and the technical implementation of security controls.
• ​Auditor Relations: Proven experience managing external auditors and coordinating the “Pull List” for evidence.
• ​Certifications (Plus): CISA (Certified Information Systems Auditor), CISSP, or CRISC.

​Bonus Points

• ​Environment: Experience in Cloud-native or SaaS environments.
• ​Broad Compliance: Familiarity with HIPAA, GDPR, or ISO 27001.
• ​Culture: Previous experience in a startup or fast-growing tech company where agility is key.

​Why This Role is Unique

​This isn’t a “paperwork” compliance job. Because it relies on tools like Vanta and Drata, the role is more about Technical GRC—monitoring APIs, checking cloud configurations, and working with engineers to automate evidence. It moves the needle from “annual audits” to “continuous compliance.”