IT Security Engineer

SOC Audit & Compliance Analyst

The SOC Audit & Compliance Analyst plays a critical role in strengthening the organization's security control maturity and audit posture by bridging technical security operations with governance and assurance requirements. This role ensures that SOC-related security controls are not only documented, but demonstrably effective through continuous testing, evidence validation, and cross-functional collaboration.

The position contributes to proactive risk reduction by enabling timely remediation, improving audit outcomes, and embedding a culture of continuous compliance across IT and security teams. Success in this role is measured by audit readiness, control reliability, and the ability to translate complex technical operations into clear, defensible audit evidence.

We'll trust you to:

• Support SOC 2 (Type I & Type II), Future ISO 27001 readiness, and internal security audits as they relate to SOC and IT operations.
• Map security and SOC controls to applicable frameworks (AICPA Trust Services Criteria, ITGCs).
• Coordinate and manage audit evidence collection from SOC, endpoint, identity, and infrastructure teams.
• Perform control design and operating effectiveness reviews for SOC adjacent controls.
• Track audit findings, risks, and remediation actions through closure.
• Maintain continuous audit readiness rather than point-in-time compliance.

• Partner with IT and GRC to support vulnerability management oversight.
• Review and validate vulnerability findings from Nessus scans.
• Track remediation of SLAs, compensating controls, and risk exceptions.
• Perform remediation validation testing post-patching or configuration changes.
• Produce vulnerability compliance metrics and audit-ready reports.

• Support endpoint security control assurance across corporate devices using Microsoft Intune.
• Validate enforcement of:
• Device compliance policies
• Security baselines
• Patch and configuration standards
• Support audit evidence related to:
• Device enrollment
• Configuration compliance
• Endpoint protection integration (e.g., Defender ecosystem)
• Partner with endpoint teams during audits to explain control design and operation.

• Support data protection and information governance controls using Microsoft Purview.
• Assist in audits related to:
• Data classification and labelling
• DLP policy enforcement
• Retention and records management
• Insider risk and audit logging
• Validate evidence of operational effectiveness for Purview-based controls.
• Maintain compliance documentation related to data security and privacy controls.

• Maintain SOC-related policies, standards, procedures, and control narratives.
• Translate technical SOC and security processes into audit-ready documentation.
• Collaborate with:
• SOC Operations
• Endpoint & IAM teams
• Internal Audit
• Risk & Compliance stakeholders
• Prepare audit responses, management action plans, and status reporting.

You'll need to have:

• 2–6 years of experience in information security, IT audit, SOC governance, or security compliance.
• Hands-on exposure to SOC audit or compliance activities.
• Working knowledge of:
• SOC 2 / ITGC concepts
• Control testing and evidence collection

• Familiarity with:
• ISO 27001
• NIST CSF / 80053
• AICPA Trust Services Criteria
• Experience working with or supporting:
• Nessus (vulnerability scanning & remediation tracking)
• Microsoft Intune (device compliance / endpoint security assurance)
• Microsoft Purview (DLP, data classification, compliance tooling)
• Strong documentation, analytical, and stakeholder communication skills.
• Certifications (nice to have, not mandatory):
• CISA
• ISO 27001 Foundation or LA
• CRISC
• Microsoft Security fundamentals

At Beghou Consulting, you'll join a highly collaborative, values-driven team where technical excellence, analytical rigor, and personal growth converge. Whether you're passionate about AI innovation, building commercialization strategies, or shaping the next generation of data-first solutions in life sciences, this is a place to make an impact!