SOC 2 Readiness Consultant
Primary Talent Partners has a short term (8-10 weeks) contract/consulting opportunity with a client here in Charlotte who needs a SOC 2 Readiness Consultant who can balance audit requirements with real-world operational constraints.

Pay: $100.00 - $200.00/hr; W2 or 1099 contract, no PTO, no Benefits. ACA-compliant supplemental package available for enrollment.

Schedule: Hybrid -- Charlotte Office/Remote with regular working sessions

Description:

We are specifically looking for a consultant who has led SOC 2 readiness efforts end-to-end and can balance audit requirements with real-world operational constraints.

Engagement Details

- Duration: ~8-10 weeks (SOC 2 Type 1 readiness)
- Potential extension: Support through Type 2 readiness period
- Work style: Highly collaborative with internal IT leadership and external providers
- Location: Hybrid Charlotte Office/Remote with regular working sessions

Overview

We are seeking an experienced SOC 2 readiness and controls implementation consultant to lead the development of policies, controls, and supporting documentation required to complete a SOC 2 Type 1 audit within ~60 days, while establishing a practical, sustainable foundation for SOC 2 Type 2 certification within 6-9 months.

This is a hands-on role, not a project management position. The consultant will be expected to actively author policies, design controls, gather evidence, and work directly with internal teams and external service providers to operationalize a right-sized, audit-ready control environment.

Key Objectives

- Deliver a SOC 2 Type 1-ready control environment within ~60 days
- Define a right-sized control framework that can be realistically maintained for Type 2
- Ensure all controls are:
  - Auditable
  - Operationally sustainable
  - Aligned to company's current AWS-based and MSP-supported environment
- Establish a clear path and readiness plan for SOC 2 Type 2 (6-9 month horizon)

Scope of Work

Control Framework Design (Right-Sized Approach)

- Define SOC 2 control scope aligned to Security Trust Service Criteria (minimum)
- Avoid over-engineering controls that cannot be operationalized
- Map controls to:
  - Cloud infrastructure (AWS)
  - Identity & access management
  - Endpoint security (e.g., CrowdStrike)
  - MSP-managed services (e.g., infrastructure, SOC)

Policy & Procedure Development (Hands-On)

- Draft and refine required policies, including:
  - Access control / IAM
  - Data classification & handling
  - Change management
  - Incident response
  - Vendor risk management
  - Backup & disaster recovery
- Ensure policies are:
  - Audit-ready
  - Aligned to actual operations (not theoretical)

Evidence Definition & Collection

- Identify required evidence for each control
- Work directly with:
  - Internal IT team
  - MSP providers (e.g., infrastructure, SOC)
- Gather, validate, and organize audit evidence
- Ensure evidence is:
  - Repeatable
  - Sustainable for Type 2

Coordination with External Providers

- Interface with:
  - Managed service providers (infrastructure, network, cloud)
  - Security operations providers (SOC, EDR)
- Translate vendor capabilities into SOC 2-aligned controls and evidence
- Identify and close control gaps across vendor boundaries

Operationalization for Type 2

- Design controls that can be:
  - Executed consistently over time
  - Measured and evidenced
- Avoid "check-the-box" controls that will fail during Type 2
- Define:
  - Control owners
  - Execution cadence
  - Evidence artifacts

Audit Preparation

- Prepare company for interaction with external SOC 2 auditor
- Support:
  - Control walkthroughs
  - Evidence review
  - Audit Q&A readiness

Required Experience

- Direct, hands-on experience delivering SOC 2 Type 1 and Type 2 readiness
- Proven ability to:
  - Write policies and controls from scratch
  - Translate technical environments into audit-ready controls
- Experience working with:
  - AWS cloud environments
  - MSP-supported infrastructure models
  - Security tooling (EDR, SIEM, etc.)
- Strong understanding of:
  - SOC 2 Trust Service Criteria (Security required; others optional)
  - Control design vs. operating effectiveness
- Experience preparing organizations for successful Type 2 audits

Critical Success Traits (Important - include these)

- Practical, not theoretical → Designs controls that teams can actually execute
- Bias toward simplification → Avoids over-scoping controls that create long-term burden
- Operator mindset → Comfortable working directly with engineers and MSPs
- Documentation-heavy contributor → Writes policies, procedures, and evidence narratives themselves
- Audit-aware communicator → Understands how auditors think and what they will challenge

Primary Talent Partners is an Equal Opportunity / Affirmative Action employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, gender identity, or any other factor protected by applicable federal, state, or local laws.

If you are a person with a disability needing assistance with the application or at any point in the hiring process, please contact us at info@primarytalentpartners.com

#PTPJobs