CONTRACT OPPORTUNITY — SECURITY & COMPLIANCE
Contract | Remote (U.S.-Based) | Mid-July – December 2026
Contract — 1099 preferred
Commensurate with experience — details provided on initial call
Approximately 5.5–6 months — mid-July through December 31, 2026
Fully remote — U.S.-based only
Full-time dedicated resource
A fast-growing healthcare services company is undergoing its first SOC 2 audit and building its information security program from the ground up. The organization operates in a HIPAA-compliant, high-trust environment and is now taking on enterprise clients who require formal compliance credentials.
We are placing one Security Analyst / Compliance Lead as a dedicated, embedded resource. This person will function as an extension of the internal team — owning day-to-day security operations and SOC 2 evidence collection. This is a hybrid role, not a senior architect or vCISO seat, and it does not involve facing the auditor directly.
- Upload and manage security policies within a leading compliance automation platform
- Gather, organize, and upload evidence for SOC 2 controls across the defined audit scope
- Map evidence to applicable Trust Service Criteria; identify and flag gaps
- Support remediation efforts and compensating controls as audit findings surface
- Monitor and triage EDR alerts; perform initial investigations on security incidents
- Execute incident response procedures in accordance with the client's IR plan
- Handle ad hoc security and compliance tasks as directed by client leadership
- Support the team in establishing repeatable security processes as the program matures
- Hands-on experience with SOC 2 compliance — familiarity with Trust Service Criteria, evidence collection, and control mapping
- Proficiency with Vanta or a comparable GRC / compliance automation platform
- Working knowledge of CrowdStrike or comparable EDR platforms for alert triage and basic incident response
- Understanding of HIPAA compliance requirements and high-trust environments
- Ability to translate technical security controls into audit-ready documentation
- Strong organizational skills — able to independently manage a large volume of evidence across multiple control areas
- Available to start mid-July 2026 and commit through December 31, 2026
- U.S.-based, available to work fully remote
- Prior experience in a healthcare or health services organization
- Familiarity with third-party audit firms and evidence submission processes
- Exposure to additional frameworks such as ISO 27001, NIST RMF, GDPR, or PCI DSS
- Experience with Azure environments or cloud-hosted infrastructure
- Background in GRC (Governance, Risk, and Compliance) in addition to hands-on security operations
- Not a senior security architect or vCISO seat — this is a mid-level, hybrid role
- Not the primary interface with the auditor — client leadership owns that relationship
- Not initially scoped for vulnerability management or third-party risk — those may be added as the engagement grows
This is a confidential opportunity. Identifying details have been withheld intentionally.