Senior GRC Consultant - SOC 2 / ISO 27001 Implementation (LATAM, Remote, US Clients) - Contract to Hire
Job Description
Amomitto Security is a US-based cybersecurity consultancy hiring two Senior GRC Consultants to join our delivery team as long-term hires with real growth opportunity. We start on Upwork to validate fit, then convert to a full-time offer at $80K base / $100K OTE, with a clear path to practice lead / vCISO work as we scale. You'll lead SOC 2 and ISO 27001 implementations for US-based clients (SaaS, fintech, healthtech), own vendor security questionnaires (VSQs) end-to-end, and work directly with client security and engineering teams. This is not an audit role - we implement. We need people who can walk into a messy client environment, separate real controls from compliance theater, and tell the client what it actually takes to get audit-ready.

What you'll do
- Lead SOC 2 Type I and Type II implementations from gap assessment through audit readiness
- Run ISO 27001 implementations: ISMS build-out, risk assessment, SoA, control mapping
- Evaluate existing client policies and controls critically — catch when purchased templates describe an organization that doesn't exist, and rewrite to reflect reality
- Map findings accurately to Trust Services Criteria (CC1-CC9) and ISO Annex A controls
- Own vendor security questionnaires solo — technical responses across SSO/MFA, IAM, encryption, network controls, cloud architecture
- Work directly with client engineering teams on control implementation in AWS, GCP, and Azure
- Manage client Vanta / Drata / Secureframe instances — integrations, failing checks, evidence collection, getting from 30% to 95%+
- Flag adjacent framework needs (HIPAA, PCI DSS) when scope demands it, even if the client didn't ask
- Present findings and remediation plans directly to client VPs, CTOs, and CEOs
- Draft client-ready policies, gap assessments, and audit readiness timelines

Required
- 5-7 years in GRC / information security consulting - you've implemented (not just audited) SOC 2 and/or ISO 27001 for multiple clients
- Strong judgment and consulting instinct - you can read a policy package and immediately tell whether it reflects real operating controls or is aspirational theater, and you know how to explain the difference to a non-technical executive
- Technical depth to own VSQs without engineering backup - SSO/MFA, IAM, encryption at rest/in transit, network segmentation, cloud primitives in AWS, GCP, or Azure
- Working knowledge of Vanta, Drata, or Secureframe - integrations, failing checks, remediation prioritization
- Consulting background - current or recent role at a cybersecurity or compliance consultancy (not in-house compliance for a single company)
- Professional-level English - you'll be on client calls daily, presenting findings and pushing back on executives. This is non-negotiable.
- Based in LATAM (Argentina, Colombia, Mexico, Chile, Costa Rica, Uruguay, Peru, Brazil)
- Strong written communication - most client deliverables are documents that get sent without editing

Nice to have
- HIPAA, PCI DSS, GDPR, or NIST 800-53 experience
- Certifications: ISO 27001 LA/LI, CISA, CRISC, CCSK, AWS/GCP/Azure Security
- Prior experience working with US clients on GMT-5 to GMT-8 hours
- Healthcare, fintech, or other regulated industry exposure

What we offer
- Long-term hire with growth opportunity - Upwork trial first, then $80K base / $100K OTE full-time, with a path into practice lead / vCISO work as our LATAM delivery team scales
- Remote, full-time, LATAM-based
- Direct work with US clients in regulated industries
- Senior-only team - all ownership, all deliverables
- Small, senior team, direct collaboration with the CEO, no corporate bureaucracy

About us
Amomitto Security is a US cybersecurity consultancy delivering vCISO, compliance, corporate security, and offensive security services. We're building our LATAM delivery team to serve growing demand from US clients.

Hiring Process
1. Upwork proposal review - we read every answer
2. 30-min intro call - mutual fit, scope of your past work
3. Paid technical assessment - $200 USD, ~4 hours total (30-min kickoff, 2.5 hrs independent work on a realistic SOC 2 readiness scenario, 1-hr walkthrough call). We pay for your time regardless of outcome.
4. Offer - start on Upwork, convert to full-time at $80K/$100K OTE