N

Mid-Level Security Analyst / Compliance Lead (Contract, Remote)

NexusTek United State
Remote
Apply
AI Summary

Lead security operations and SOC 2 evidence collection for a fast-growing healthcare services company undergoing its first SOC 2 audit. Own day-to-day security, manage compliance platform, and support incident response. Mid-July to December 2026 engagement.

Key Highlights
First SOC 2 audit and building info sec program from scratch
Hybrid role: own day-to-day security, manage compliance platform
Support incident response, establish repeatable security processes
Key Responsibilities
Upload and manage security policies within a leading compliance automation platform
Gather, organize, and upload evidence for SOC 2 controls across the defined audit scope
Map evidence to applicable Trust Service Criteria; identify and flag gaps
Support remediation efforts and compensating controls as audit findings surface
Monitor and triage EDR alerts; perform initial investigations on security incidents
Execute incident response procedures in accordance with the client's IR plan
Handle ad hoc security and compliance tasks as directed by client leadership
Support the team in establishing repeatable security processes as the program matures
Technical Skills Required
SOC 2 compliance Compliance automation platform (Vanta) EDR platforms (CrowdStrike)
Benefits & Perks
Remote work (U.S.-based)
Contract engagement (1099 preferred)
Nice to Have
Experience in healthcare or health services organization
Familiarity with third-party audit firms and evidence submission processes
Exposure to additional frameworks such as ISO 27001, NIST RMF, GDPR, or PCI DSS
Experience with Azure environments or cloud-hosted infrastructure
Background in GRC (Governance, Risk, and Compliance) in addition to hands-on security operations

Job Description


CONTRACT OPPORTUNITY — SECURITY & COMPLIANCE

Security Analyst / Compliance Lead

Contract | Remote (U.S.-Based) | Mid-July – December 2026

Engagement Type

Contract — 1099 preferred

Rate

Commensurate with experience — details provided on initial call

Duration

Approximately 5.5–6 months — mid-July through December 31, 2026

Location

Fully remote — U.S.-based only

Hours

Full-time dedicated resource

Start Date

Mid-July 2026

The Opportunity

A fast-growing healthcare services company is undergoing its first SOC 2 audit and building its information security program from the ground up. The organization operates in a HIPAA-compliant, high-trust environment and is now taking on enterprise clients who require formal compliance credentials.

We are placing one Security Analyst / Compliance Lead as a dedicated, embedded resource. This person will function as an extension of the internal team — owning day-to-day security operations and SOC 2 evidence collection. This is a hybrid role, not a senior architect or vCISO seat, and it does not involve facing the auditor directly.

What You Will Do

  • Upload and manage security policies within a leading compliance automation platform
  • Gather, organize, and upload evidence for SOC 2 controls across the defined audit scope
  • Map evidence to applicable Trust Service Criteria; identify and flag gaps
  • Support remediation efforts and compensating controls as audit findings surface
  • Monitor and triage EDR alerts; perform initial investigations on security incidents
  • Execute incident response procedures in accordance with the client's IR plan
  • Handle ad hoc security and compliance tasks as directed by client leadership
  • Support the team in establishing repeatable security processes as the program matures

Required Qualifications

  • Hands-on experience with SOC 2 compliance — familiarity with Trust Service Criteria, evidence collection, and control mapping
  • Proficiency with Vanta or a comparable GRC / compliance automation platform
  • Working knowledge of CrowdStrike or comparable EDR platforms for alert triage and basic incident response
  • Understanding of HIPAA compliance requirements and high-trust environments
  • Ability to translate technical security controls into audit-ready documentation
  • Strong organizational skills — able to independently manage a large volume of evidence across multiple control areas
  • Available to start mid-July 2026 and commit through December 31, 2026
  • U.S.-based, available to work fully remote

Preferred Qualifications

  • Prior experience in a healthcare or health services organization
  • Familiarity with third-party audit firms and evidence submission processes
  • Exposure to additional frameworks such as ISO 27001, NIST RMF, GDPR, or PCI DSS
  • Experience with Azure environments or cloud-hosted infrastructure
  • Background in GRC (Governance, Risk, and Compliance) in addition to hands-on security operations

What This Role Is Not

  • Not a senior security architect or vCISO seat — this is a mid-level, hybrid role
  • Not the primary interface with the auditor — client leadership owns that relationship
  • Not initially scoped for vulnerability management or third-party risk — those may be added as the engagement grows

This is a confidential opportunity. Identifying details have been withheld intentionally.

Similar Jobs

Explore other opportunities that match your interests

Principal Security Architect

Cyber Security
40m ago
Visa Sponsorship Relocation Remote
Job Type Contract
Experience Level Mid-Senior level

Insight Global

United State

Information Security Analyst I

Cyber Security
1h ago

Premium Job

Sign up is free! Login or Sign up to view full details.

•••••• •••••• ••••••
Job Type ••••••
Experience Level ••••••

southern new hampshire univers...

United State

Vice President of Cybersecurity

Cyber Security
7h ago

Premium Job

Sign up is free! Login or Sign up to view full details.

•••••• •••••• ••••••
Job Type ••••••
Experience Level ••••••

Insight Global

United State

Subscribe our newsletter

New Things Will Always Update Regularly