Information Technology Auditor
Company Overview
GreenHat Assurance is a licensed CPA firm specializing in SOC 2 attestation engagements. We produce defensible Type I and Type II reports through rigorous scoping, disciplined sampling, and clear, audit-ready evidence documentation. Our work supports procurement diligence, investor requirements, and regulatory expectations for modern technology organizations.
Our approach is practical and evidence-driven. We care about quality, clarity, and documentation that stands up to scrutiny. We focus on controls that actually operate in real environments and on audit workpapers that hold up under peer review.
Role Overview
GreenHat Assurance is hiring a full-time SOC 2 auditor to support SOC 2 Type I and Type II engagements from planning through report delivery. This role is remote and focused on evaluating control design and operating effectiveness, analyzing evidence, documenting results, and contributing to high-quality SOC 2 reporting.
This is a strong fit for someone who enjoys technical environments, can communicate clearly, and wants to build deep expertise in SOC 2 execution, control testing, and trust services reporting.
What You’ll Do (Key Responsibilities)
- Plan and execute SOC 2 engagements (Type I and Type II), including scoping, audit plans, request lists, interview schedules, and testing approaches.
- Conduct walkthroughs and stakeholder interviews (security, IT, engineering, compliance, leadership), documenting processes in a clear, audit-ready format.
- Assess control design and operating effectiveness across applicable Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy).
- Evaluate control environments covering areas such as:
  - Identity and access management
  - Change management and SDLC
  - Logging, monitoring, and incident response
  - Vendor and third-party risk management
  - Data protection and encryption
  - System operations and availability controls
- Perform risk-based sampling and evidence evaluation, including completeness and accuracy checks for system-generated evidence.
- Analyze technical configurations, logs, tickets, and workflows, translating technical details into objective audit documentation.
- Draft and refine workpapers supporting audit conclusions, including narratives, test steps, results, and exceptions where applicable.
- Identify control gaps, exceptions, and observations, and clearly communicate impact and remediation considerations.
- Support report drafting, including management responses and alignment between workpapers and final SOC 2 opinions.
- Participate in internal quality reviews, responding to reviewer notes and strengthening documentation until publication-ready.
- Identify scoping risks early (subservice organizations, shared responsibility boundaries, system definition issues, incomplete descriptions) and escalate appropriately.
- Help improve SOC 2 templates, testing checklists, evidence standards, and repeatable audit workflows.
What Success Looks Like
- Workpapers are consistently clean, complete, and easy to review.
- Evidence clearly maps to Trust Services Criteria without gaps or ambiguity.
- You run client interviews confidently and keep audit requests organized and on track.
- Exceptions are written objectively, with clear support, impact, and traceability.
- Engagements move reputed company without sacrificing audit quality.
- Each cycle shows improvement: reputed company scoping, stronger sampling, clearer writing, reputed company judgment.
- You contribute to scalable, repeatable SOC 2 audit methods.
Qualifications (Required)
- Strong skills in IT audit and information security controls assessment.
- Practical understanding of how security controls operate in modern environments (cloud, SaaS, CI/CD, identity platforms).
- Working knowledge of SOC 2 Trust Services Criteria and SOC reporting concepts.
- Strong analytical ability to evaluate evidence, trace processes, and identify inconsistencies.
- Clear written and verbal communication skills.
- Strong organization skills with comfort managing multiple clients and deadlines.
- CISA certification.
Nice to Have (Preferred)
- Prior experience executing SOC 2 Type I and Type II engagements.
- Experience in a CPA firm or assurance practice.
- Familiarity with security frameworks (ISO 27001, NIST, CIS, PCI, HIPAA) for control mapping.
- Experience reviewing modern SaaS tooling (IdPs, CI/CD pipelines, logging platforms, ticketing systems).
- Additional certifications such as CISM, CISSP, CPA (or progress toward them).
Working Style and Expectations
- Remote work with high standards for responsiveness, documentation quality, and follow-through.
- Comfortable working directly with technical and non-technical stakeholders.
- Professional skepticism with a practical reputed company: verify, document, and keep things moving.
- Commitment to confidentiality, independence, and audit ethics consistent with CPA firm expectations.