
Job Title: Senior Security & Compliance Consultant (Independent Contractor, Remote).
Company: US-based SaaS company.
Location: Remote (must work US hours, 6 AM - 2 PM Pacific Time or 9 AM - 5 PM Eastern Time).
Compensation: $3,500-$4,000/month USD.
- The Senior Security & Compliance Consultant will oversee the full lifecycle of Company's information security operations, including SOC 2 (BDO) and ISO 27001 audits, penetration and vulnerability testing, RFP security responses, and policy management.
- This role requires hands-on experience with security frameworks, vendor risk management, and compliance documentation.
- You'll work closely with Company's Legal, IT, and Engineering teams to maintain a secure and audit-ready environment aligned with industry standards.
Key Responsibilities
Audit, Certification & Governance
- Serve as internal lead for SOC 2, ISO AI, and ISO 27001 readiness, evidence collection, and auditor coordination.
- Maintain and update Company's Statement of Applicability (SOA) and control library.
- Manage security responses for client RFPs and due diligence questionnaires.
Security Operations
- Oversee penetration testing and vulnerability testing (Tenable.io) cycles; track and validate remediation.
- Maintain and enforce security-related policies, including access control, incident response, and DPA compliance.
- Conduct monthly IT security plan reviews and update internal reports.
- Manage change control, vendor security protocols, and breach notification procedures.
Risk & Asset Management
- Conduct and document monthly risk assessments, including:
  - Review of Advanced Networks reports.
  - Permission changes and audit logs.
  - Data asset inventory.
  - Hardware asset management and secure disposal tracking.
- Support vendor due diligence, reviewing risk scores, contracts, and compliance posture.
Documentation & Continuous Improvement
- Maintain a comprehensive repository of policies, risk assessments, and testing results.
- Recommend process or control improvements based on audit findings and security trends.
- Support Legal with client and regulator data protection obligations (GDPR, CCPA, etc.).
Qualifications:
- 5+ years in information security, risk, or compliance (ideally within SaaS or regulated industries).
- Direct experience with SOC 2, ISO 27001, or similar control frameworks.