SOC 2 Project Analyst: GRC Team

SOC 2 Project Analyst: GRC Team

£80,000

Fixed Term Contract - 6 months

UK/Remote

Start ASAP

About the Role

We are seeking an experienced SOC 2 / IT GRC Specialist to support/lead a key project and guide our SOC 2 Type II accreditation program. This is a critical role in a fast-moving, regulated environment, requiring hands-on experience with SOC 2 frameworks, ISO 27001, IT GRC, and GxP compliance in SaaS and cloud-hosted systems.

Working closely with our Transformation, Information Security, Engineering, IT, QA, and Compliance teams, the successful candidate will business requirements gather, assess current controls, implement necessary enhancements, and lead the organization through SOC 2 implementation, readiness and audit.

Key Responsibilities

• Collaborate with control owners to define, implement, and document controls in alignment with SOC 2 and GxP expectations.
• Perform a gap analysis against SOC 2 Trust Services Criteria (Security, Availability, Confidentiality).
• Author, review, and enhance IT and security policies, SOPs, and governance documentation.
• Support GxP-aligned validation and change control processes where required.
• Manage risk assessments, internal audits, and remediation plans.
• Work with external auditors and vendors to support audit execution and ensure control effectiveness.
• Provide training and guidance to internal teams to embed a culture of compliance and readiness.
• Support the development, implementation, and continuous improvement of the ISO/IEC 27001-aligned ISMS

Required Skills & Experience

• Self-starter with excellent organisational and project management skills.
• Demonstrable experience leading or supporting a successful SOC 2 and ISO 27001 implementations.
• Familiarity with validation, change control, and documentation practices in regulated industries.
• Solid understanding of the AICPA Trust Services Criteria and related IT/security controls.
• Experience working within GxP environments, particularly in relation to SaaS applications or hosted infrastructure.
• Proven ability to design and document policies and procedures that satisfy both SOC 2 and GxP requirements.
• Comfortable engaging with cross-functional teams and third-party auditors.
• Bachelor's degree in Information Security, Information Technology, Life Sciences, or related field.
• Experience in pharmaceutical, biotech, or healthcare technology sectors.
• Prior involvement in achieving compliance in both SOC 2 and GxP contexts.

Interested in being considered? Apply without delay to find out more.