Information Technology Auditor

Company Description

GreenHat Assurance is a licensed CPA firm specializing in SOC 2 attestation engagements. We produce defensible Type I and Type II reports through rigorous scoping, disciplined sampling, and clear evidence documentation. Our approach includes a thorough, multi-layer review to support procurement diligence, investor requirements, and regulatory expectations. We care about quality, clarity, and audit workpapers that stand up to scrutiny.

Role Overview

GreenHat Assurance is hiring a full-time
IT Auditor
to support SOC 2 examinations from planning through report delivery. This role is
remote
and focused on evaluating technology controls, analyzing evidence, documenting results, and contributing to high-quality reporting. You will work closely with clients and internal reviewers to ensure accuracy, completeness, and strong audit hygiene.

This is a strong fit for someone who enjoys technical environments, can communicate clearly, and wants to develop deep expertise in SOC 2 execution and reporting.

What You'll Do (Key Responsibilities)

• Plan and execute SOC 2 engagements
  (Type I and Type II), including timelines, request lists, and testing approaches.
• Perform walkthroughs
  of client processes and systems, documenting in a clear, audit-ready format.
• Assess control design and operating effectiveness
  across common SOC 2 domains (access, change management, incident response, SDLC, vendor risk, monitoring, etc.).
• Execute disciplined sampling and evidence evaluation
  , including completeness and accuracy considerations for system-generated evidence.
• Analyze technical configurations and logs
  (where applicable), and translate technical details into clear audit documentation.
• Draft and refine workpapers
  that support conclusions, including narratives, test steps, results, and exceptions.
• Collaborate with clients
  (engineering, security, IT, compliance, leadership) to obtain evidence and resolve open items.
• Contribute to report preparation
  , including clear descriptions, issue summaries, and support for management responses when needed.
• Support internal quality reviews
  , responding to reviewer notes and improving documentation until it is publication-ready.
• Identify scoping risks early
  , such as subservice organization dependencies and boundary assumptions, and escalate appropriately.

What Success Looks Like

• Workpapers are consistently clean, complete, and easy to review.
• Evidence is tied to criteria and test steps without gaps or ambiguity.
• You can run client meetings confidently, keep requests organized, and keep engagements moving.
• Exceptions are documented objectively, with strong support and clear impact statements.
• You improve each cycle: better sampling, clearer writing, faster execution, stronger judgment.

Qualifications (Required)

• Strong skills in
  IT audit and IT controls
  assessment and validation.
• Practical understanding of
  information security concepts
  and how controls work in modern environments.
• Strong analytical ability to evaluate evidence, trace data flows, and spot inconsistencies.
• Clear writing and communication, including the ability to document complex systems in a readable way.
• Strong organization skills (multiple clients, multiple deadlines, detail-heavy work).
• CISA
  Certification

Nice to Have (Preferred)

• Experience with
  SOC 2
  examinations (or similar attestation and assurance work).
• Familiarity with cloud and modern SaaS stacks (identity providers, CI/CD, logging, ticketing, endpoint management).
• Exposure to related frameworks (ISO 27001, NIST, CIS, PCI, HIPAA) as context, not as a replacement for SOC 2.
• Certifications such as
  CISM, CISSP, CPA
  (or progress toward them).

Working Style and Expectations

• Remote work with a high standard for responsiveness, documentation quality, and follow-through.
• Comfort working directly with technical stakeholders (security, engineering, IT).
• Professional skepticism with a practical mindset: verify, document, and keep things moving.
• Commitment to confidentiality and independence expectations consistent with audit work.