Manage SOC 2 Type II audit cycles from scoping through evidence collection to final report, serving as the primary point of contact for auditors and collaborators.
Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management.
Conduct structured gap analyses against applicable frameworks (SOC 2, HIPAA, ISO 42001, NIST CSF) to identify control deficiencies and develop prioritized remediation roadmaps.
Track risk mitigation and remediation plans, ensuring accountability and measurable progress against accepted risk thresholds.
Serve as the primary responder to enterprise customer security questionnaires, and engage directly with customers and prospects.
Demonstrate a solid understanding of system and data architecture, including cloud infrastructure, data flows, and access controls, in order to answer technical assessment questions accurately and confidently.
Develop and maintain a reusable security response library (trust portal, standard questionnaire answers, and diagrams) to accelerate future engagements.
Act as a security partner to Engineering, Product, Legal, Sales, and Customer Success, translating security requirements into actionable guidance for non-security audiences.
Participate in architecture and design reviews, ensuring new systems and features meet security and compliance requirements before deployment.
Maintain fluency in artificial intelligence and automation technologies, understanding their security and compliance implications within Rad AI’s platforms.
Leverage AI-assisted tools to improve security operations efficiency, including threat analysis, automated evidence collection, and other cybersecurity workflows.

Requirements

Bachelor’s degree in Information Security, Computer Science, or a related field.
6+ years of experience in cybersecurity, with at least 2 years of hands-on involvement in compliance programs or security audits.
Demonstrated experience leading or significantly contributing to SOC 2 through full audit lifecycle.
Practical knowledge of risk management frameworks (NIST RMF, ISO 42001, FAIR) and risk treatment processes.
Experience responding to enterprise customer security questionnaires and interfacing directly with customers on security topics.
Strong project management skills with the ability to manage multiple concurrent workstreams in a fast-paced environment.
Ability to communicate complex security and compliance topics clearly to both technical and non-technical audiences, including in customer-facing settings.
Experience reviewing and maintaining information security policies and procedures.
Active security certifications; ideally a CISSP and CISA.

Benefits

Comprehensive Medical, Dental, Vision & Life insurance
HSA (with employer match), FSA, & DCFSA
401(k)
11 Paid Company Holidays
Location Flexibility (Remote-first company!)
Flexible PTO policy
Annual company-wide offsite
Periodic team offsites
Annual equipment stipend
For roles based outside the US, your recruiter can share more details

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SOC 2 Type IIHIPAA complianceISO 42001NIST CSFrisk management frameworkssecurity auditsrisk analysesdata architecturecloud infrastructurecybersecurity workflows

Soft Skills

project managementcommunicationcollaborationcustomer engagementproblem-solvingleadershipaccountabilityadaptabilityanalytical thinkingtechnical writing

Certifications

CISSPCISA