Lead security operations and SOC 2 evidence collection for a fast-growing healthcare services company undergoing its first SOC 2 audit. Own day-to-day security, manage compliance platform, and support incident response. Mid-July to December 2026 engagement.
Key Highlights
Key Responsibilities
Technical Skills Required
Benefits & Perks
Nice to Have
Job Description
CONTRACT OPPORTUNITY — SECURITY & COMPLIANCE
Security Analyst / Compliance Lead
Contract | Remote (U.S.-Based) | Mid-July – December 2026
Engagement Type
Contract — 1099 preferred
Rate
Commensurate with experience — details provided on initial call
Duration
Approximately 5.5–6 months — mid-July through December 31, 2026
Location
Fully remote — U.S.-based only
Hours
Full-time dedicated resource
Start Date
Mid-July 2026
The Opportunity
A fast-growing healthcare services company is undergoing its first SOC 2 audit and building its information security program from the ground up. The organization operates in a HIPAA-compliant, high-trust environment and is now taking on enterprise clients who require formal compliance credentials.
We are placing one Security Analyst / Compliance Lead as a dedicated, embedded resource. This person will function as an extension of the internal team — owning day-to-day security operations and SOC 2 evidence collection. This is a hybrid role, not a senior architect or vCISO seat, and it does not involve facing the auditor directly.
Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.
- Upload and manage security policies within a leading compliance automation platform
- Gather, organize, and upload evidence for SOC 2 controls across the defined audit scope
- Map evidence to applicable Trust Service Criteria; identify and flag gaps
- Support remediation efforts and compensating controls as audit findings surface
- Monitor and triage EDR alerts; perform initial investigations on security incidents
- Execute incident response procedures in accordance with the client's IR plan
- Handle ad hoc security and compliance tasks as directed by client leadership
- Support the team in establishing repeatable security processes as the program matures
- Hands-on experience with SOC 2 compliance — familiarity with Trust Service Criteria, evidence collection, and control mapping
- Proficiency with Vanta or a comparable GRC / compliance automation platform
- Working knowledge of CrowdStrike or comparable EDR platforms for alert triage and basic incident response
- Understanding of HIPAA compliance requirements and high-trust environments
- Ability to translate technical security controls into audit-ready documentation
- Strong organizational skills — able to independently manage a large volume of evidence across multiple control areas
- Available to start mid-July 2026 and commit through December 31, 2026
- U.S.-based, available to work fully remote
Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.
- Prior experience in a healthcare or health services organization
- Familiarity with third-party audit firms and evidence submission processes
- Exposure to additional frameworks such as ISO 27001, NIST RMF, GDPR, or PCI DSS
- Experience with Azure environments or cloud-hosted infrastructure
- Background in GRC (Governance, Risk, and Compliance) in addition to hands-on security operations
- Not a senior security architect or vCISO seat — this is a mid-level, hybrid role
- Not the primary interface with the auditor — client leadership owns that relationship
- Not initially scoped for vulnerability management or third-party risk — those may be added as the engagement grows
Similar Jobs
Explore other opportunities that match your interests