Information Technology Governance, Risk, and Compliance

About the Role We are seeking an experienced SOC 2 / IT GRC Specialist Contractor to support and guide our SOC 2 Type II accreditation program. This is a critical role in a fast-moving, regulated environment, requiring hands-on experience with SOC 2 frameworks, ISO 27001, IT GRC, and GxP compliance in SaaS and cloud-hosted systems. Working closely with our Information Security, Engineering, IT, QA, and Compliance teams, the successful candidate will assess current controls, implement necessary enhancements, and lead the organization through SOC 2 readiness and audit. Key Responsibilities Lead and execute SOC 2 Type II readiness activities from planning through audit support. Perform a gap analysis against SOC 2 Trust Services Criteria (Security, Availability, Confidentiality). Collaborate with control owners to define, implement, and document controls in alignment with SOC 2 and GxP expectations. Author, review, and enhance IT and security policies, SOPs, and governance documentation. Support GxP-aligned validation and change control processes where required. Manage risk assessments, internal audits, and remediation plans. Work with external auditors and vendors to support audit execution and ensure control effectiveness. Provide training and guidance to internal teams to embed a culture of compliance and readiness. Support the development, implementation, and continuous improvement of the ISO/IEC 27001-aligned ISMS Required Skills & Experience Demonstrable experience leading or supporting a successful SOC 2 and ISO 27001 implementations. Solid understanding of the AICPA Trust Services Criteria and related IT/security controls. Experience working within GxP environments, particularly in relation to SaaS applications or hosted infrastructure. Proven ability to design and document policies and procedures that satisfy both SOC 2 and GxP requirements. Familiarity with validation, change control, and documentation practices in regulated industries. Comfortable engaging with cross-functional teams and third-party auditors. Self-starter with excellent organisational and project management skills. Preferred Qualifications Bachelor’s degree in Information Security, Information Technology, Life Sciences, or related field. Experience in pharmaceutical, biotech, or healthcare technology sectors. Prior involvement in achieving compliance in both SOC 2 and GxP contexts. Familiarity with FDA 21 CFR Part 11, EU Annex 11, or similar regulations. What We Offer A key role in a high-impact compliance and accreditation project. Remote-first working environment with flexible hours. Exposure to industry-leading SaaS platforms in a regulated domain. A collaborative team that values security, quality, and innovation.