Information Security Consultant - System and Organization Controls (SOC 1 / SOC 2) Compliance

Information Security Consultant (SOC Compliance)

at Tevora

Irvine, CA or Fairfax, VA

If you haven’t heard of Tevora, it’s because we’ve done our job!

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

What’s the role?

Tevora is seeking an Information Security Analyst to join the SOC Compliance team.This role on the SOC Compliance team is looking for a passionate individual who has a solid balance between business acumen and technical expertise. Comfortable across various disciplines of information security, this consultant will be responsible for assessing System and Organization Controls (SOC) compliance, for SOC 1 and SOC 2, on a wide variety of client projects for some of the world's largest organizations. Other compliance frameworks this role will work on may include ISO 27001 and PCI as well as GRC support for clients. This role will also provide mentorship to junior team members and participate in ongoing training opportunities.The successful candidate for this role will be detail-orientated, have a solution-focused attitude, and possess strong written and verbal communication skills.

A day in the life could include:

• Participating in and leading IT and Compliance assessments, audits, gap analyses, and remediation.
• Leading and actively contributing to projects in the areas of System and Organization Controls (SOC 1 & SOC 2) Compliance assessments.
• Communicating with project stakeholders to effectively convey the requirements of technical and process improvements.
• Supporting various information security compliance projects, such as PCI or ISO gap assessments.
• Assisting in the development of customized policies, procedures, controls, disaster recovery plans and other documentation for applications, systems, and infrastructure for our clients.
• Managing policy exceptions, including working directly with the teams to document exceptions, and identifying compensating controls and remediation action plans.
• Take on additional responsibilities as needed or as new opportunities arise. Proactively support the team with tasks and projects that emerge over time.

Necessary skills and qualifications:

• Completed minimum 2 years of experience in information security, information technology, business consulting, enterprise risk, or compliance field.
• Hold at least one Auditing, Risk, or IT certification from the following list: CISSP, CISA, CISM, CRISC, ISO Lead Auditor, or Military equivalent.
• Possess knowledge of common IT and security concepts such as firewall management, server management, access control, and authentication.
• Ability to connect easily with clients and colleagues to communicate effectively across business and technical boundaries- to offer recommendations as an expert with best practices.
• Ability to work independently without detailed guidance.
• Proficient in writing executive-level reports and technical documentation.
• Proficient in MS Office tools and basic professional acumen.

Bonus Points

• Hold a bachelor’s degree from an accredited 4-year university
• Demonstrated experience in at least one other information security compliance assessment (ISO 27001, PCI Level 1, HITRUST) or Military equivalent.
• Prior or current CPA license
• Commitment to continued learning

We’ve got you covered!

• Comprehensive benefits including: Medical, Dental, Vision & Basic Life Insurance
• Paid Vacations, Sick Time, & Holidays
• 401 (k) with discretionary company match
• Vibrant work culture

Additional requirements:

• Eligibility to work in the United States.

EEOC Statement

Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.