About the Role
We are seeking an experienced SOC 2 / IT GRC Specialist Contractor to support and guide our SOC 2 Type II accreditation program. This is a critical role in a fast-moving, regulated environment, requiring hands-on experience with SOC 2 frameworks, ISO 27001, IT GRC, and GxP compliance in SaaS and cloud-hosted systems. Working closely with our Information Security, Engineering, IT, QA, and Compliance teams, the successful candidate will assess current controls, implement necessary enhancements, and lead the organization through SOC 2 readiness and audit.
Key Responsibilities
* Lead and execute SOC 2 Type II readiness activities from planning through audit support.
* Perform a gap analysis against SOC 2 Trust Services Criteria (Security, Availability, Confidentiality).
* Collaborate with control owners to define, implement, and document controls in alignment with SOC 2 and GxP expectations.
* Author, review, and enhance IT and security policies, SOPs, and governance documentation.
* Support GxP-aligned validation and change control processes where required.
* Manage risk assessments, internal audits, and remediation plans.
* Work with external auditors and vendors to support audit execution and ensure control effectiveness.
* Provide training and guidance to internal teams to embed a culture of compliance and readiness.
* Support the development, implementation, and continuous improvement of the ISO/IEC 27001-aligned ISMS.
Required Skills & Experience
* Demonstrable experience leading or supporting successful SOC 2 and ISO 27001 implementations.
* Solid understanding of the AICPA Trust Services Criteria and related IT/security controls.
* Experience working within GxP environments, particularly in relation to SaaS applications or hosted infrastructure.
* Proven ability to design and document policies and procedures that satisfy both SOC 2 and GxP requirements.
* Familiarity with validation, change control, and documentation practices in regulated industries.
* Comfortable engaging with cross-functional teams and third-party auditors.
* Self-starter with excellent organisational and project management skills.
Preferred Qualifications
* Bachelor’s degree in Information Security, Information Technology, Life Sciences, or related field.
* Experience in pharmaceutical, biotech, or healthcare technology sectors.
* Prior involvement in achieving compliance in both SOC 2 and GxP contexts.
* Familiarity with FDA 21 CFR Part 11, EU Annex 11, or similar regulations.
What We Offer
* A key role in a high-impact compliance and accreditation project.
* Remote-first working environment with flexible hours.
* Exposure to industry-leading SaaS platforms in a regulated domain.
* A collaborative team that values security, quality, and innovation.