Information Security Consultant

4 days ago


Bengaluru, Karnataka, India Madiba, Inc. Full time ₹ 6,00,000 - ₹ 18,00,000 per year

We are seeking a detail-oriented and experienced Senior IT Compliance Associate / Analyst to strengthen our Global IT Compliance team. The ideal candidate will bridge the gap between technical IT operations and regulatory requirements, with a strong focus on ISO 27001 and SOC 2 readiness, framework development, and continuous monitoring. They will be responsible for building and maintaining the Information Security framework, managing Information Security and SOC 2 Type 1 & Type 2 audits, and leveraging compliance automation tools such as Drata.

Responsibilities

  1. Information Security Framework Development & Strategy

    • Framework Creation:
      Design and implement an enterprise-wide Information Security framework aligned with SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy).
    • Policy Development:
      Draft and maintain security policies, standards, and procedures covering access control, incident response, vendor risk management, and data protection.
    • M&A Integration:
      Ensure new entities are seamlessly integrated into the Information Security and compliance framework during mergers and acquisitions.
    • Continuous Improvement:
      Establish a roadmap for framework maturity, ensuring scalability and adaptability to evolving compliance requirements.

  2. Governance & Documentation Management

    • Control Mapping:
      Develop and maintain Risk and Control Matrices (RACMs) aligned with SOC 2 requirements.
    • Process Documentation:
      Create and update system process flows, control narratives, and evidence repositories.
    • Inventory Management:
      Maintain accurate inventories of in-scope systems, applications, IT projects, and stakeholders.
    • Template Maintenance:
      Standardize templates for SOC 2 evidence collection, remediation plans, and monitoring dashboards.

  3. SOC 2 Audit Execution & Monitoring

    • SOC 2 Lifecycle Management:
      Lead the preparation, execution, and maintenance of SOC 2 Type 1 & Type 2 audits.
        • Coordinate with external auditors and internal stakeholders.
        • Ensure timely evidence collection and gap remediation.
        • Manage readiness assessments and bridge letters.
    • Audit Support:
      Organize and streamline documentation for ITGC, SOX, and SOC 2 audits.
    • Continuous Monitoring:
      Implement automated monitoring of controls using Drata, ensuring real-time compliance visibility and reporting.

  4. Compliance Automation (Drata) & GRC Tools

    • Drata Administration:
      Configure, manage, and optimize Drata for SOC 2 control monitoring, evidence collection, and audit readiness.
    • Integration:
      Connect Drata with cloud platforms, HR systems, and ticketing tools to automate compliance workflows.
    • GRC Tools:
      Support broader governance initiatives using platforms such as ServiceNow GRC or AuditBoard.

  5. Training & Awareness

    • Curriculum Development:
      Create training materials focused on SOC 2 compliance, data privacy, and security best practices.
    • Delivery:
      Conduct regular awareness sessions for IT staff and business stakeholders to foster a culture of compliance and security accountability.

Qualifications

  • Required:
    Bachelor's or master's degree.
  • Preferred Discipline:
    Information Security, IT Operational Management, Internal Audit, or related fields.

Experience Requirements

  • SOC 2 Expertise:
    Minimum 5 years of hands-on experience with SOC 2 Type 1 & Type 2 audits, including framework development and evidence management.
  • Audit Lifecycle:
    3–5 years of experience managing IT compliance audits (ISO 27001, SOC, Data Privacy).
  • Framework Development:
    Proven track record of building Information Security frameworks from scratch.
  • Industry Knowledge:
    Preferred experience in Sports, Entertainment, or technology-driven industries.
  • SDLC Proficiency:
    Strong understanding of the System Development Lifecycle (scoping, planning, development, testing, migration, go-live, hypercare).

Skills & Competencies

  • Compliance Automation:
    Hands-on experience with Drata (mandatory), plus familiarity with GRC tools (ServiceNow GRC, AuditBoard).
  • Technical Tools:
    Proficient in Microsoft Excel, Word, and PowerPoint for compliance reporting and visualization.
  • Communication:
    Excellent interpersonal skills to engage cross-functional teams and auditors.
  • Data Handling:
    Skilled in managing highly confidential and sensitive information securely.
  • Project Management:
    Ability to deliver compliance initiatives on time and within budget.

Success Metrics

  • Timely completion of ISO 27001, SOC 2 Type 1 & Type 2 audits with zero major findings.
  • 100% accuracy in RACM documentation and evidence mapping.
  • Continuous monitoring of controls via Drata or Manual with automated alerts and dashboards.
  • Positive feedback from auditors and cross-functional teams on compliance guidance and training.

