RFP for Cybersecurity Compliance Consultant Services- HIPAA & SOC2 ️ - Remote for a US SaaS Startu

RFP for Cybersecurity Compliance Consultant Services- HIPAA & SOC2 ️ - Remote for a US SaaS Startup

Localização: Recife

Job Type: Full Time

Contract Type: Permanent

Sector: Accounts

We connect talented tech professionals in Latin America and Canada with remote career opportunities at innovative startups worldwide. Our personalized approach ensures you're matched with companies that value your contributions and offer opportunities for growth.

Company Overview: The client is a venture-backed startup simplifying access to essential benefits for frontline workers. Their AI-powered platform helps employees easily find and apply for benefits like childcare, elder care, and nutrition programs. With backing from major enterprise retail investors and $2.5M secured in funding, they are expanding their reach to serve leading retailers, healthcare providers, and Fortune 500 companies. The diverse, remote-first team is spread across the globe, united in their mission to empower employees and create healthier workplaces. Currently on the brink of Series A funding, this presents a unique opportunity for growth and impact.

Project Objective: The client seeks to engage a qualified Cybersecurity Compliance Consultant to renew their SOC 2 certification and manage HIPAA compliance processes. The consultant will ensure that all necessary documentation, policies, and controls are updated and maintained to meet compliance standards. Additionally, the consultant will utilize compliance automation tools to streamline and enhance the overall compliance framework.

Scope of Work:

1. SOC 2 Certification Renewal: Lead the SOC 2 audit renewal process. Perform a gap analysis to identify compliance deficiencies. Update and unify existing cybersecurity policies to align with SOC 2 requirements.
2. HIPAA Compliance Management: Oversee the HIPAA compliance process. Develop and implement HIPAA-related policies and procedures. Ensure ongoing adherence to HIPAA regulations and standards.
3. Policy Development and Documentation: Create, update, and maintain comprehensive cybersecurity policies. Organize and manage documentation repositories for audit readiness.
4. Compliance Automation: Utilize Drata or similar tools to automate evidence collection and compliance processes. Integrate compliance tools with the existing tech stack to enhance efficiency.
5. Collaboration and Training: Work with cross-functional teams to implement compliance controls. Provide training to staff on compliance requirements and best practices.

Project Duration: Approximately 350 hours. Estimated Completion: Flexible, with options for full-time over a shorter period or part-time over an extended duration.