What are the responsibilities and job description for the Compliance Implementation Consultant position at Totalis Consulting Group, Inc.?
Job Description
Totalis Consulting Group, Inc. is leveraging its 24-year history of rigorous compliance and past performance in the federal sector to launch a new, high-growth GRC advisory division. We are seeking a Senior Compliance Implementation Consultant to serve as our foundational technical expert.
This role is responsible for leading our core offering: the "90-Day SOC 2 Accelerator." You will manage the entire client journey from gap analysis to audit readiness, utilizing best-in-class compliance automation platforms (Drata, Vanta, etc.) to ensure a fixed-fee, high-quality, and predictable outcome.
Key Responsibilities
The successful candidate will be a "Builder" who blends security expertise with exceptional project management and client service.
- Compliance Platform Implementation (The Core Service):
- Lead the end-to-end implementation and configuration of GRC automation tools (e.g., ServiceNow, Archer, Drata, Vanta, Secureframe) for mid-market SaaS clients.
- Configure platform integrations (AWS, Azure, GitHub, Okta, etc.) to automate evidence collection and ensure continuous monitoring of controls.
- Serve as the technical lead, troubleshooting integration issues and optimizing the platform to align with the client's architecture and the SOC 2 framework.
- Audit Readiness and Policy Development:
- Conduct initial Gap Assessments against SOC 2 Trust Service Criteria, ISO 27001, and other relevant frameworks.
- Develop, update, and maintain the security and compliance policies and procedures the frameworks require, and map each to the controls it supports.
- Create prioritized Remediation Roadmaps (POA&Ms) and guide client teams on control implementation.
- Client and Auditor Management (The Consultant Role):
- Act as the primary technical point of contact for the client and a liaison with external auditors.
- Coordinate the final audit, utilizing the GRC platform's tools to provide real-time evidence and reporting for a smooth and efficient attestation.
- Serve as a trusted advisor, translating complex control requirements into clear, non-technical actions for IT, Engineering, and executive stakeholders.
- Internal IP Development & Training (The Strategic Role):
- Develop Totalis's proprietary "90-Day Accelerator" Statement of Work (SOW) and internal implementation playbooks.
- Coach the CEO and sales team on the technical nuances of GRC automation to build internal fluency and credibility.
Required Qualifications
- Experience: 3 years of experience in compliance, information security, or risk management, with a specific focus on SOC 2 and/or ISO 27001 compliance in a SaaS environment.
- Platform Expertise: Hands-on experience with Drata, Vanta, Secureframe, Sprinto, or a similar compliance automation platform is a mandatory requirement.
- Technical Fluency: Strong understanding of cloud security (AWS/Azure), identity providers (Okta/Azure AD), and version control systems (GitHub/GitLab).
- Certifications (Preferred): Relevant certifications such as CISA, CISSP, CRISC, or CISM are highly desirable.
- Project Management: Exceptional project management and organizational skills with a proven track record of delivering fixed-scope compliance projects on time.