Information Technology Governance, Risk, and Compliance - #1676865

About the Role We are seeking an experienced SOC 2 / IT GRC Specialist Contractor to support and guide our SOC 2 Type II accreditation program. This is a critical role in a fast-moving, regulated environment, requiring hands-on experience with SOC 2 frameworks, ISO 27001, IT GRC, and GxP compliance in SaaS and cloud-hosted systems. Working closely with our Information Security, Engineering, IT, QA, and Compliance teams, the successful candidate will assess current controls, implement necessary enhancements, and lead the organization through SOC 2 readiness and audit.

Key Responsibilities

• Lead and execute SOC 2 Type II readiness activities from planning through audit support.


• Perform a gap analysis against SOC 2 Trust Services Criteria (Security, Availability, Confidentiality).


• Collaborate with control owners to define, implement, and document controls in alignment with SOC 2 and GxP expectations.


• Author, review, and enhance IT and security policies, SOPs, and governance documentation.


• Support GxP-aligned validation and change control processes where required.


• Manage risk assessments, internal audits, and remediation plans.


• Work with external auditors and vendors to support audit execution and ensure control effectiveness.


• Provide training and guidance to internal teams to embed a culture of compliance and readiness.


• Support the development, implementation, and continuous improvement of the ISO/IEC 27001-aligned ISMS

Required Skills & Experience

• Demonstrable experience leading or supporting a successful SOC 2 and ISO 27001 implementations.


• Solid understanding of the AICPA Trust Services Criteria and related IT/security controls.


• Experience working within GxP environments, particularly in relation to SaaS applications or hosted infrastructure.


• Proven ability to design and document policies and procedures that satisfy both SOC 2 and GxP requirements.


• Familiarity with validation, change control, and documentation practices in regulated industries.


• Comfortable engaging with cross-functional teams and third-party auditors.


• Self-starter with excellent organisational and project management skills.

Preferred Qualifications

• Bachelor’s degree in Information Security, Information Technology, Life Sciences, or related field.


• Experience in pharmaceutical, biotech, or healthcare technology sectors.


• Prior involvement in achieving compliance in both SOC 2 and GxP contexts.


• Familiarity with FDA 21 CFR Part 11, EU Annex 11, or similar regulations.

What We Offer

• A key role in a high-impact compliance and accreditation project.


• Remote-first working environment with flexible hours.


• Exposure to industry-leading SaaS platforms in a regulated domain.


• A collaborative team that values security, quality, and innovation.