Information Technology Auditor

Company Overview GreenHat Assurance is a licensed CPA firm specializing in SOC 2 attestation engagements. We produce defensible Type I and Type II reports through rigorous scoping, disciplined sampling, and clear, audit-ready evidence documentation. Our work supports procurement diligence, investor requirements, and regulatory expectations for modern technology organizations. Our approach is practical and evidence-driven. We care about quality, clarity, and documentation that stands up to scrutiny. We focus on controls that actually operate in real environments and on audit workpapers that hold up under peer review. Role Overview GreenHat Assurance is hiring a full-time SOC 2 IT Auditor to support SOC 2 Type I and Type II engagements from planning through report delivery. This role is remote and focused on evaluating control design and operating effectiveness, analyzing evidence, documenting results, and contributing to high-quality SOC 2 reporting. This is a strong fit for someone who enjoys technical environments, can communicate clearly, and wants to build deep expertise in SOC 2 execution, control testing, and trust services reporting. What You’ll Do (Key Responsibilities) • Plan and execute SOC 2 engagements (Type I and Type II), including scoping, audit plans, request lists, interview schedules, and testing approaches. • Conduct walkthroughs and stakeholder interviews (security, IT, engineering, compliance, leadership), documenting processes in a clear, audit-ready format. • Assess control design and operating effectiveness across applicable Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy). • Evaluate control environments covering areas such as: • Identity and access management • Change management and SDLC • Logging, monitoring, and incident response • Vendor and third-party risk management • Data protection and encryption • System operations and availability controls • Perform risk-based sampling and evidence evaluation, including completeness and accuracy checks for system-generated evidence. • Analyze technical configurations, logs, tickets, and workflows, translating technical details into objective audit documentation. • Draft and refine workpapers supporting audit conclusions, including narratives, test steps, results, and exceptions where applicable. • Identify control gaps, exceptions, and observations, and clearly articulate impact and remediation considerations. • Support report drafting, including management responses and alignment between workpapers and final SOC 2 opinions. • Participate in internal quality reviews, responding to reviewer notes and strengthening documentation until publication-ready. • Identify scoping risks early (subservice organizations, shared responsibility boundaries, system definition issues, incomplete descriptions) and escalate appropriately. • Help improve SOC 2 templates, testing checklists, evidence standards, and repeatable audit workflows. What Success Looks Like • Workpapers are consistently clean, complete, and easy to review. • Evidence clearly maps to Trust Services Criteria without gaps or ambiguity. • You run client interviews confidently and keep audit requests organized and on track. • Exceptions are written objectively, with clear support, impact, and traceability. • Engagements move efficiently without sacrificing audit quality. • Each cycle shows improvement: better scoping, stronger sampling, clearer writing, better judgment. • You contribute to scalable, repeatable SOC 2 audit methods. Qualifications (Required) • Strong skills in IT audit and information security controls assessment. • Practical understanding of how security controls operate in modern environments (cloud, SaaS, CI/CD, identity platforms). • Working knowledge of SOC 2 Trust Services Criteria and SOC reporting concepts. • Strong analytical ability to evaluate evidence, trace processes, and identify inconsistencies. • Clear written and verbal communication skills. • Strong organization skills with comfort managing multiple clients and deadlines. • CISA certification. Nice to Have (Preferred) • Prior experience executing SOC 2 Type I and Type II engagements. • Experience in a CPA firm or assurance practice. • Familiarity with related frameworks (ISO 27001, NIST, CIS, PCI, HIPAA) for control mapping. • Experience reviewing modern SaaS tooling (IdPs, CI/CD pipelines, logging platforms, ticketing systems). • Additional certifications such as CISM, CISSP, CPA (or progress toward them). Working Style and Expectations • Remote work with high standards for responsiveness, documentation quality, and follow-through. • Comfortable working directly with technical and non-technical stakeholders. • Professional skepticism with a practical mindset: verify, document, and keep things moving. • Commitment to confidentiality, independence, and audit ethics consistent with CPA firm expectations. Apply tot his job Apply To this Job