Logo for NexusTek

Information Security Analyst/Compliance Lead - CONTRACT

Role overview

Qualifications

  • Hands-on experience with SOC 2 compliance
  • Proficiency with Vanta or a comparable GRC platform
  • Working knowledge of CrowdStrike or comparable EDR platforms
  • Understanding of HIPAA compliance requirements

Responsibilities

  • Upload and manage security policies within a compliance automation platform
  • Gather, organize, and upload evidence for SOC 2 controls
  • Monitor and triage EDR alerts; perform investigations on security incidents
  • Support the team in establishing repeatable security processes

About the company

NexusTek logo

NexusTek

Trusted by thousands of small and medium-sized businesses (SMBs), NexusTek is a national managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting. We design holistic technology solutions for business customers that deliver a superior end-user experience, backed by a 24/7/365 domestically staffed support team. NexusTek Managed Service Plans offer end-to-end IT management with fixed-monthly, per-user pricing through which SMBs can leverage helpdesk, backup, disaster recovery, dedicated engineers, security, 24x7 remote support and network monitoring services while creating predictable IT budgets.NexusTek is ranked on the Channel Futures MSP 501 list of top Managed Services Providers worldwide, is the 2018 Channel Futures MSP of the Year, a six-time CRN MSP Elite 250 list member, a three-time CRN Triple Crown winner, and an award-winning Microsoft Solutions Partner for Modern Work.Included in its all-encompassing products and services portfolio are: IT support and outsourced help desk backed by multiple domestic NOCs (Network Operation Centers) for redundancy; hosted infrastructure, cloud services, and Microsoft Azure; professional IT consulting and virtual CIO (vCIO) services; disaster recovery as a service (DRaaS); cyber security services; server and network monitoring; unified communications and voice-over-IP (VoIP); Office 365; enterprise content management (ECM); and many more IT solutions. An SSAE 18 SOC II certified company, NexusTek adheres to rigorous, industry-accepted auditing standards for service companies. This achievement reflects the transparency and control that comes from managed private cloud service environments.For additional information, please visit https://www.nexustek.com.

Company details

Company typeSME
Company size201 - 500

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

CONTRACT OPPORTUNITY — SECURITY & COMPLIANCE

Security Analyst / Compliance Lead

Contract | Remote (U.S.-Based) | Mid-July – December 2026

Engagement Type

Contract — 1099 preferred

Rate

Commensurate with experience — details provided on initial call

Duration

Approximately 5.5–6 months — mid-July through December 31, 2026

Location

Fully remote — U.S.-based only

Hours

Full-time dedicated resource

Start Date

Mid-July 2026


The Opportunity

A fast-growing healthcare services company is undergoing its first SOC 2 audit and building its information security program from the ground up. The organization operates in a HIPAA-compliant, high-trust environment and is now taking on enterprise clients who require formal compliance credentials.

We are placing one Security Analyst / Compliance Lead as a dedicated, embedded resource. This person will function as an extension of the internal team — owning day-to-day security operations and SOC 2 evidence collection. This is a hybrid role, not a senior architect or vCISO seat, and it does not involve facing the auditor directly.

What You Will Do

  • Upload and manage security policies within a leading compliance automation platform
  • Gather, organize, and upload evidence for SOC 2 controls across the defined audit scope
  • Map evidence to applicable Trust Service Criteria; identify and flag gaps
  • Support remediation efforts and compensating controls as audit findings surface
  • Monitor and triage EDR alerts; perform initial investigations on security incidents
  • Execute incident response procedures in accordance with the client's IR plan
  • Handle ad hoc security and compliance tasks as directed by client leadership
  • Support the team in establishing repeatable security processes as the program matures

Required Qualifications

  • Hands-on experience with SOC 2 compliance — familiarity with Trust Service Criteria, evidence collection, and control mapping
  • Proficiency with Vanta or a comparable GRC / compliance automation platform
  • Working knowledge of CrowdStrike or comparable EDR platforms for alert triage and basic incident response
  • Understanding of HIPAA compliance requirements and high-trust environments
  • Ability to translate technical security controls into audit-ready documentation
  • Strong organizational skills — able to independently manage a large volume of evidence across multiple control areas
  • Available to start mid-July 2026 and commit through December 31, 2026
  • U.S.-based, available to work fully remote

Preferred Qualifications

  • Prior experience in a healthcare or health services organization
  • Familiarity with third-party audit firms and evidence submission processes
  • Exposure to additional frameworks such as ISO 27001, NIST RMF, GDPR, or PCI DSS
  • Experience with Azure environments or cloud-hosted infrastructure
  • Background in GRC (Governance, Risk, and Compliance) in addition to hands-on security operations

What This Role Is Not

  • Not a senior security architect or vCISO seat — this is a mid-level, hybrid role
  • Not the primary interface with the auditor — client leadership owns that relationship
  • Not initially scoped for vulnerability management or third-party risk — those may be added as the engagement grows

This is a confidential opportunity. Identifying details have been withheld intentionally.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Information Security Analyst Related jobs

Other jobs at NexusTek

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.