Security; SOC/HIPAA Auditor - Connecticut
Listed on 2026-02-14
IT/Tech
Cybersecurity, Information Security
Position will be based out of our Guilford CT Office with Wednesdays each week onsite in Guilford.
* Unable to sponsor.
The Security Auditor (SOC/GRC) is responsible for maintaining the organization’s governance, risk, and compliance program, overseeing daily security and compliance operations, and ensuring adherence to industry standards such as HIPAA and SOC 2. This role combines hands‑on GRC execution, audit readiness, and cross‑functional collaboration to protect the organization’s information assets, maintain customer trust, and support business growth. This non‑managing (individual contributor) role serves as a key advisor to leadership, a partner to auditors and clients, and a leader of internal governance and risk management initiatives.
Key Responsibilities
Security & Compliance Leadership
- Lead and manage daily operations of the Security & Compliance function, including workflow analysis, priority setting, standards development, and deadline management
- Assign, review, and guide the work of security engineers and compliance analysts to ensure high‑quality, timely execution
- Serve as a trusted partner to directors, managers, vendors, and external stakeholders to resolve issues and drive alignment
- Own and maintain the company’s internal compliance program and GRC automation platform
- Lead SOC 2 Type II audit readiness, coordination, and execution; support internal and external auditors during assessments
- Conduct periodic internal security and compliance reviews and audits
- Create, review, maintain, and enforce security and compliance policies and procedures aligned to NIST standards
- Assess product, operational, and compliance risks; partner with the Risk Management Board to develop mitigation strategies
- Actively participate as a member of the Enterprise Governance Board
- Support and mature the Third‑Party Risk Management (TPRM) program, including vendor risk assessments and documentation review
- Administer the organization’s physical security program, including access control systems and camera management
- Coordinate and lead incident response tabletop exercises in collaboration with IT, Legal, HR, and other departments
- Develop, administer, and continuously improve Security Awareness Training for new hires and employees where necessary
- Respond to customer security questionnaires and lead in‑person or virtual compliance reviews with clients
- Clearly communicate security posture, controls, and compliance practices to build trust and support sales and client retention
- 7+ years of progressive experience in Information Security, Compliance, and GRC roles
- Demonstrated experience leading SOC 2 Type II and HIPAA audits and compliance programs
- Strong working knowledge of NIST frameworks, risk management, and policy governance
- Experience working with GRC tools and automation platforms
- Strong written communication skills with the ability to draft, edit, and maintain clear policies and documentation
- Exceptional attention to detail, time management, and organizational skills