IT Audit and Compliance Consultant

Hiring a Senior Information Security Auditor to lead client-facing engagements across SOC, HIPAA, and Information Security assessments. This is a hands-on, senior-level role with strong visibility, ownership, and the opportunity to shape both client outcomes and internal methodologies.

C2C/C2H NOT ACCEPTED - 3RD PARTY VENDORS - PLEASE DON'T CONTACT!

What You’ll Do
• Lead and execute SOC 1 & SOC 2 (Type I & II) assessments in accordance with AICPA attestation standards
• Perform HIPAA Security & Privacy Rule assessments, including risk analyses and gap assessments
• Evaluate the design and effectiveness of controls across security, availability, processing integrity, confidentiality, and privacy
• Develop audit programs, testing strategies, and workpapers that meet professional standards
• Conduct client walkthroughs, interviews, and evidence collection across technical and business teams
• Deliver clear, actionable audit reports, findings, and remediation recommendations
• Assess control environments against frameworks such as AICPA TSC, HIPAA, CIS Controls, and NIST (CSF / 800-53)
• Identify risks and communicate findings to both technical and non-technical stakeholders
• Support vendor risk and third-party assessments
• Contribute to improving internal audit methodologies and best practices
• Stay current on evolving compliance standards and security frameworks

What We’re Looking For
• 5+ years of experience in SOC audits, IT audit, or cybersecurity compliance
• Strong experience with SOC 1 / SOC 2 and/or HIPAA assessments
• Deep understanding of control frameworks (AICPA TSC, NIST, CIS, etc.)
• Experience leading engagements and working directly with clients
• Strong writing skills with the ability to clearly communicate audit results
• Relevant certifications preferred (CPA, CISA, CISSP, or similar)

Why Join Us
• High-growth advisory environment with strong leadership visibility
• Opportunity to own engagements end-to-end
• Influence and help shape audit methodologies and delivery standards
• Diverse client exposure across industries

Note to Agency Recruiters: ComResource will not pay a fee for any placement resulting from the receipt of an unsolicited resume. All unsolicited resumes sent to any ComResource colleagues, directly or indirectly, will be considered ComResource property.