Requirements
- 2 to 6 years of professional experience in information security, IT auditing, SOC governance, or security compliance
- Direct involvement in SOC audits or compliance-related tasks
- Practical understanding of SOC 2 and IT General Controls (ITGC) frameworks
- Experience performing control testing and gathering compliance evidence
- Demonstrated ability to apply security compliance principles in real-world environments
Nice to Have
- Knowledge of ISO 27001 standards and practices
- Familiarity with NIST Cybersecurity Framework (CSF) and Special Publication 800-53
- Understanding of AICPA Trust Services Criteria for system evaluations
- Experience supporting or managing vulnerability scanning with Nessus
- Hands-on work with Microsoft Intune for endpoint compliance and security assurance
- Experience using Microsoft Purview for data loss prevention and classification
- Strong written and verbal communication skills for stakeholder engagement
- Analytical mindset with attention to detail in compliance assessments
- Proven ability to document processes and findings clearly
- CISA certification or active pursuit of certification
- Foundational or lead auditor certification in ISO 27001
- CRISC certification
- Microsoft Security fundamentals training or certification
- Prior experience in audit support or control evaluation roles
Work Arrangement
Remote (Worldwide) — Evanston, Illinois
Preferred
- Familiarity with ISO 27001
- NIST CSF / 800-53
- AICPA Trust Services Criteria
- Experience working with or supporting Nessus (vulnerability scanning & remediation tracking)
- Microsoft Intune (device compliance / endpoint security assurance)
- Microsoft Purview (DLP, data classification, compliance tooling)
- Strong documentation, analytical, and stakeholder communication skills
- Certifications (nice to have, not mandatory):
  - CISA
  - ISO 27001 Foundation or Lead Auditor (LA)
  - CRISC
  - Microsoft Security fundamentals