Director · Remote · Full-time

SOC 2 Associate Director (CPA) - US

AI assessment

An excellent vacancy for experienced auditors: fully remote work, a prestigious company from the Inc. 5000 list, and the opportunity to influence the development of the practice. High score for flexibility and professional environment.


Vacancy from Quick Offer Global, a list of international companies
Vacancy difficulty

AI assessment

The high difficulty is due to the need for in-depth knowledge of AICPA standards (SSAE 18) and a CPA license. The role requires combining the functions of a technical expert, project manager, and mentor for the team.

Salary analysis

Median: $165,000
Market: $140,000 – $190,000

AI assessment

The offered Associate Director role in the US is usually paid above the audit market average because of its narrow specialization in cybersecurity and the CPA requirement. The stated range reflects current market realities for remote positions of this level at specialized firms.

Cover letter

I am writing to express my strong interest in the SOC 2 Associate Director position at Insight Assurance. With over eight years of experience in IT audit and a deep specialization in SOC 1 and SOC 2 examinations, I have successfully led complex attestation engagements for global SaaS and cloud service providers. My background in managing multi-disciplinary teams and my commitment to AICPA standards align perfectly with Insight Assurance’s mission to deliver tech-enabled, high-quality audit services.

Throughout my career, I have focused on evaluating the design and operating effectiveness of internal controls within sophisticated technology environments. I am particularly drawn to Insight Assurance because of your innovative approach to compliance automation and your impressive growth trajectory. I am confident that my technical expertise in Trust Services Criteria, combined with my experience in client relationship management and staff mentorship, will allow me to contribute significantly to the continued expansion of your SOC practice.


Job description

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO) frameworks.

We’re not your traditional audit firm — we’re tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients.

Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.

Position Summary

The Associate Director SOC Assurance is responsible for leading System and Organization Controls (SOC) examination engagements within Insight Assurance’s SOC practice. This role oversees the planning, execution, and delivery of SOC attestation engagements in accordance with AICPA attestation standards and the firm’s quality control policies.

The Associate Director works closely with client leadership including CISOs, CIOs, compliance leaders, and executive stakeholders to coordinate SOC examination activities, evaluate the design and operating effectiveness of internal controls, and ensure the accurate and timely delivery of SOC reports. 

Key responsibilities include managing engagement teams, reviewing technical workpapers, assessing control environments, and maintaining compliance with professional auditing standards and firm methodologies. The Associate Director ensures that SOC examinations are conducted with independence, objectivity, and technical rigor. 

In addition to engagement leadership, this role supports the development of the firm’s SOC practice through staff mentorship, quality review, and contributions to audit methodology and operational improvements. 

Key Responsibilities

  1. Engagement Leadership
     • Lead and oversee SOC 1 and SOC 2 examination engagements, including planning, execution, and report delivery.
     • Manage multiple concurrent engagements while ensuring adherence to AICPA attestation standards, including SSAE 18 AT-C 205 and AT-C 320.
     • Develop engagement plans, timelines, and resource allocations.
     • Ensure timely delivery of high-quality SOC reports and supporting documentation.
     • Serve as the primary engagement leader responsible for engagement execution, quality, and client coordination.
  2. Technical Oversight and Assurance Quality
     • Provide subject matter expertise on SOC reporting requirements, including:
        • SOC 1 Internal Controls over Financial Reporting
        • SOC 2 Trust Services Criteria, including Security, Availability, Processing Integrity, Confidentiality, and Privacy
        • Internal control frameworks and IT control environments.
     • Review control testing procedures, workpapers, and supporting evidence to ensure compliance with AICPA standards and firm methodology.
     • Evaluate the design and operating effectiveness of controls within complex technology and service environments.
     • Ensure engagement documentation meets firm quality standards and regulatory expectations.
  3. Client Engagement and Communication
     • Serve as the primary point of contact for clients during SOC examination engagements.
     • Lead engagement kickoff meetings, walkthroughs, and scoping discussions.
     • Communicate engagement status, testing results, and report findings to client leadership.
     • Respond to client inquiries regarding SOC reporting requirements and examination procedures.
     • Coordinate information requests and ensure efficient communication throughout the engagement lifecycle.
  4. Report Review and Quality Assurance
     • Review SOC reports, management assertions, and testing documentation before issuance.
     • Ensure engagement deliverables comply with AICPA reporting requirements and firm quality control policies.
     • Support internal peer reviews, quality assurance reviews, and regulatory inspections.
     • Identify and address technical or compliance issues during engagements.
  5. Practice Development
     • Support business development initiatives, including proposal development and client presentations.
     • Assist with scoping discussions for prospective SOC engagements.
     • Contribute to the development and enhancement of SOC methodologies, templates, and engagement tools.
     • Support the continued growth of the firm’s SOC practice.
  6. Team Leadership and Mentorship
     • Manage and mentor Managers, Seniors, and Associates across SOC engagements.
     • Provide coaching and technical training related to SOC reporting, internal controls, and attestation standards.
     • Review staff work and provide feedback to support professional development.
     • Assist with recruiting, onboarding, and training of new team members.

Required Qualifications

  • Bachelor's degree in Accounting, Information Systems, Cybersecurity, or a related field.
  • Seven to ten years of experience in audit, assurance, cybersecurity compliance, or risk and compliance services.
  • Significant experience performing or leading SOC 1 and SOC 2 examinations.
  • Strong knowledge of AICPA attestation standards and SOC reporting frameworks.
  • Experience managing client engagements and supervising engagement teams.
  • Strong written and verbal communication skills suitable for executive and technical audiences.

Preferred Qualifications 

  • CPA license (active or eligible)
  • Additional certifications such as CISA, CISSP, CISM, or CRISC
  • Experience working in public accounting, consulting, or specialized assurance firms
  • Familiarity with security and compliance frameworks including:
     • ISO 27001
     • HITRUST
     • PCI DSS
     • NIST Cybersecurity Framework
  • Experience working with SaaS, cloud service providers, or technology companies

Core Competencies 

  • Engagement leadership and project management
  • Technical expertise in SOC reporting and internal controls
  • Client relationship management and executive communication
  • Quality assurance and risk management
  • Team development and mentorship
  • Strategic thinking and practice development

BENEFITS

  • Flexible Paid Time Off and paid holidays
  • Performance Bonuses
  • 100% Remote

Privacy Notice CCPA:

  • Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process.
  • Insight Assurance does not sell personal data/information under any circumstances.
  • You may exercise your rights under personal data protection legislation by reaching out to us via: HR@insightassurance.com or submit a request via mail at 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602

Privacy Notice GDPR:

This notice informs you about the categories of Personal Data/ Information and the Purpose and Scope of Processing Activities to be undertaken by Insight Assurance (we, us, our), under its job application and recruitment process.

We resort to Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/ Information will be Processed on this tool (hosted, shared with, cross-referenced, accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensures the Security and Confidentiality plus Purpose limitation with regards to the Processing of your Personal Data.

When you reply to one of your job postings, you voluntarily and freely submit your Personal Data to us; this, allied with the fact that the Processing by us (and over Greenhouse.com) of that Personal Data has the sole Purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to argue having Legitimate Interest as the applicable Legal Basis to undertake the Processing of your Personal Data under this scope.

We are a U.S. based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.

The categories of Personal Data under Processing consist of:

  • Identification
  • Contact
  • Education and Professional
  • Interview performance
  • Evaluation

You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:

  • *Right of Access* – meaning getting information about the Personal Data under Processing by us, except for the information you already know;
  • *Right of Erasure* – you may ask for us to erase all Personal Data pertaining to you under Processing; this may imply you being excluded from the recruitment process, for without information we cannot proceed with it;
  • *Right of Opposition or Restriction of Processing* – you may ask us to stop some Processing or restrict the Processing of some Personal Data, this may imply you being excluded from the recruitment process, at our sole discretion also for without information we cannot proceed with it;
  • *Rectification* – you can rectify your Personal Data at anytime

Skills

  • Project Management
  • SOC 2
  • ISO 27001
  • HITRUST
  • PCI DSS
  • CISA
  • CPA
  • Internal Controls
  • SOC 1
  • NIST CSF
  • AICPA Standards
  • SSAE 18
  • Cybersecurity Compliance

Possible interview questions

Tests understanding of the specifics of the trust services criteria and their application in complex IT environments.

How do you approach scoping for SOC 2 when the client uses a complex microservice architecture across several cloud regions?

Assesses the candidate's ability to handle professional disagreements and defend the firm's methodology.

Describe a situation in which a client disagreed with an identified control deficiency. How did you argue your position, and what was the outcome?

Tests knowledge of current audit standards.

Which key changes to the SSAE 18 standards or AICPA guidance over the past year have had the greatest impact on how you conduct SOC examinations?

Assesses team management and quality control skills.

How do you organize the workpaper review process in a distributed team so that tight deadlines are met without loss of quality?

Tests experience with automation, which is key for the company.

What is your experience with compliance automation platforms (for example, Vanta, Drata), and how, in your view, do they change the auditor's role in the SOC 2 process?
