
SOC 2 Type 2 Five-TSC SaaS/Cloud Compliance Lead

Job in Silver Spring, Montgomery County, Maryland, 20900, USA
Listing for: FYI - For Your Information, Inc.
Full Time position
Listed on 2026-06-20
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80,000 - 100,000 USD yearly
Job Description & How to Apply Below
Position: SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead

About the Role

FYI is seeking a SOC 2 Type 2 Five-TSC SaaS / Cloud Compliance Lead to support an active SOC 2 Type 2 program across Security, Availability, Processing Integrity, Confidentiality, and Privacy. This role will own the SOC 2 domain in a fractional capacity, including evidence review, control operation support, auditor communication support, recurring compliance cadence, and SaaS/cloud control maturity. The right candidate has supported real SOC 2 Type 2 audits and can work with engineering, IT, security, HR, operations, leadership, and auditors.

Essential Responsibilities and Duties
  • Support SOC 2 Type 2 audit readiness and active auditor-response efforts across all five Trust Services Criteria.
  • Review evidence requests and determine whether evidence is complete, partial, missing, stale, unclear, or misaligned to the control being tested.
  • Draft and review auditor responses, management explanations, control narratives, and evidence summaries.
  • Support control operations for access reviews, vendor risk management, risk assessment, policy review, security awareness, incident response, change management, and security steering activities.
  • Review evidence for IAM, MFA, logging, monitoring, encryption, vulnerability management, secure SDLC, code review, release approvals, CI/CD security, SAST, DAST, SCA, backups, availability, confidentiality, processing integrity, and privacy controls.
  • Coordinate with control owners to obtain timestamped, complete, and audit-ready artifacts.
  • Help maintain the recurring compliance calendar for monthly, quarterly, and annual SOC 2 control activities.
  • Support policy and documentation management, version control, approvals, and annual review cadence.
  • Identify control design gaps, operating effectiveness gaps, evidence issues, and audit risks.
  • Provide concise written status updates, blockers, risks, and next actions to the project manager and CISO/vCISO.
Required Qualifications
  • 8+ years of cybersecurity, GRC, IT audit, compliance, SaaS security, cloud security, security consulting, or related experience.
  • GRC platform experience (Drata preferred; Vanta or Secureframe also acceptable).
  • Direct hands‑on experience supporting SOC 2 Type 2 audits.
  • Experience with SaaS or cloud‑hosted application environments.
  • Experience reviewing evidence for control design and operating effectiveness.
  • Ability to translate audit requirements into operational tasks for engineering, IT, security, HR, legal, operations, and leadership stakeholders.
  • Strong written communication skills and ability to produce auditor‑ready explanations.
  • Ability to drive control owners and follow‑ups without constant prompting.
  • Ability to work through ambiguity and produce clean, organized, audit‑ready documentation.
Nice to Have
  • Prior SOC 2 auditor, CPA‑firm, or audit‑support experience.
  • Experience with all five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • CISA, CISSP, CISM, Security+, CPA, ISO 27001 Lead Auditor, or equivalent certification.
  • Experience with Drata, Vanta, Secureframe, Hyperproof, Jira, Confluence, AWS, Azure, GCP, CI/CD tooling, SAST, DAST, SCA, vulnerability management, or cloud security tools.
  • PCI DSS familiarity, especially where SOC 2 controls overlap with PCI requirements.
Expected Deliverables
  • SOC 2 Five‑TSC evidence and gap tracker inputs.
  • Control evidence sufficiency reviews.
  • Auditor response drafts and management‑response drafts.
  • Control narrative and control‑description updates.
  • Recurring compliance calendar inputs for access reviews, vendor reviews, risk assessments, policy reviews, steering meetings, and evidence refresh cycles.
  • Policy, procedure, and documentation review notes.
  • SOC 2 blocker, risk, and next‑action summaries.
Operating Style Required

This role requires a senior operator who can own the SOC 2 lane in a fractional capacity. The contractor must communicate clearly, document next actions, identify blockers early, and coordinate through the project manager. This is not a casual side task. Responsiveness, ownership, and clean written work product are required.

Benefits
  • Opportunity to work a hybrid work schedule.
  • A knowledgeable, high‑achieving, diverse, experienced, and fun team.
  • The chance to be part of a rapidly growing company and the next success story.
  • A competitive base salary with a loaded benefits package plus 401K.
  • Tuition/education assistance, personal computer allowance, pet insurance.