Information Technology Governance, Risk, and Compliance

Leeds Full-Time No home office possible

About the Role

We are seeking an experienced SOC 2 / IT GRC Specialist Contractor to support and guide our SOC 2 Type II accreditation program. This is a critical role in a fast-moving, regulated environment, requiring hands-on experience with SOC 2 frameworks, ISO 27001, IT GRC, and GxP compliance in SaaS and cloud-hosted systems. Working closely with our Information Security, Engineering, IT, QA, and Compliance teams, the successful candidate will assess current controls, implement necessary enhancements, and lead the organization through SOC 2 readiness and audit.

Key Responsibilities

  • Lead and execute SOC 2 Type II readiness activities from planning through audit support.
  • Perform a gap analysis against SOC 2 Trust Services Criteria (Security, Availability, Confidentiality).
  • Collaborate with control owners to define, implement, and document controls in alignment with SOC 2 and GxP expectations.
  • Author, review, and enhance IT and security policies, SOPs, and governance documentation.
  • Support GxP-aligned validation and change control processes where required.
  • Manage risk assessments, internal audits, and remediation plans.
  • Work with external auditors and vendors to support audit execution and ensure control effectiveness.
  • Provide training and guidance to internal teams to embed a culture of compliance and readiness.
  • Support the development, implementation, and continuous improvement of the ISO/IEC 27001-aligned ISMS.

Required Skills & Experience

  • Demonstrable experience leading or supporting successful SOC 2 and ISO 27001 implementations.
  • Solid understanding of the AICPA Trust Services Criteria and related IT/security controls.
  • Experience working within GxP environments, particularly in relation to SaaS applications or hosted infrastructure.
  • Proven ability to design and document policies and procedures that satisfy both SOC 2 and GxP requirements.
  • Familiarity with validation, change control, and documentation practices in regulated industries.
  • Comfortable engaging with cross-functional teams and third-party auditors.
  • Self-starter with excellent organisational and project management skills.

Preferred Qualifications

  • Bachelor’s degree in Information Security, Information Technology, Life Sciences, or related field.
  • Experience in pharmaceutical, biotech, or healthcare technology sectors.
  • Prior involvement in achieving compliance in both SOC 2 and GxP contexts.
  • Familiarity with FDA 21 CFR Part 11, EU Annex 11, or similar regulations.

What We Offer

  • A key role in a high-impact compliance and accreditation project.
  • Remote-first working environment with flexible hours.
  • Exposure to industry-leading SaaS platforms in a regulated domain.
  • A collaborative team that values security, quality, and innovation.

Contact Detail:

Qinecsa Solutions Recruiting Team
