Senior GRC Consultant - SOC 2 / ISO 27001 Implementation (LATAM, Remote, US Clients) - Contract to Hire

Remote Full-time
Job Description

Amomitto Security is a US-based cybersecurity consultancy hiring two Senior GRC Consultants to join our delivery team as long-term hires with real growth opportunity. We start on Upwork to validate fit, then convert to a full-time offer at $80K base / $100K OTE, with a clear path to practice lead / vCISO work as we scale.

You'll lead SOC 2 and ISO 27001 implementations for US-based clients (SaaS, fintech, healthtech), own vendor security questionnaires (VSQs) end-to-end, and work directly with client security and engineering teams. This is not an audit role - we implement. We need people who can walk into a messy client environment, separate real controls from compliance theater, and tell the client what it actually takes to get audit-ready.

What you'll do

Lead SOC 2 Type I and Type II implementations from gap assessment through audit readiness

Run ISO 27001 implementations: ISMS build-out, risk assessment, SoA, control mapping

Evaluate existing client policies and controls critically — catch when purchased templates describe an organization that doesn't exist, and rewrite to reflect reality

Map findings accurately to Trust Services Criteria (CC1-CC9) and ISO Annex A controls

Own vendor security questionnaires solo — technical responses across SSO/MFA, IAM, encryption, network controls, cloud architecture

Work directly with client engineering teams on control implementation in AWS, GCP, and Azure

Manage client Vanta / Drata / Secureframe instances — integrations, failing checks, evidence collection, getting from 30% to 95%+

Flag adjacent framework needs (HIPAA, PCI DSS) when scope demands it, even if the client didn't ask

Present findings and remediation plans directly to client VPs, CTOs, and CEOs

Draft client-ready policies, gap assessments, and audit readiness timelines

Required

5-7 years in GRC / information security consulting - you've implemented (not just audited) SOC 2 and/or ISO 27001 for multiple clients

Strong judgment and consulting instinct - you can read a policy package and immediately tell whether it reflects real operating controls or is aspirational theater, and you know how to explain the difference to a non-technical executive

Technical depth to own VSQs without engineering backup - SSO/MFA, IAM, encryption at rest/in transit, network segmentation, cloud primitives in AWS, GCP, or Azure

Working knowledge of Vanta, Drata, or Secureframe - integrations, failing checks, remediation prioritization

Consulting background - current or recent role at a cybersecurity or compliance consultancy (not in-house compliance for a single company)

Professional-level English - you'll be on client calls daily, presenting findings and pushing back on executives. This is non-negotiable.

Based in LATAM (Argentina, Colombia, Mexico, Chile, Costa Rica, Uruguay, Peru, Brazil)

Strong written communication - most client deliverables are documents that get sent without editing

Nice to have

HIPAA, PCI DSS, GDPR, or NIST SP 800-53 experience

Certifications: ISO 27001 LA/LI, CISA, CRISC, CCSK, AWS/GCP/Azure Security

Prior experience working with US clients during US business hours (GMT-5 to GMT-8)

Healthcare, fintech, or other regulated industry exposure

What we offer

Long-term hire with growth opportunity - Upwork trial first, then $80K base / $100K OTE full-time, with a path into practice lead / vCISO work as our LATAM delivery team scales

Remote, full-time, LATAM-based

Direct work with US clients in regulated industries

Senior-only team - you own your engagements and deliverables end to end

Small, senior team, direct collaboration with the CEO, no corporate bureaucracy

About us

Amomitto Security is a US cybersecurity consultancy delivering vCISO, compliance, corporate security, and offensive security services. We're building our LATAM delivery team to serve growing demand from US clients.

Hiring Process

Upwork proposal review - we read every answer

30-min intro call - mutual fit, scope of your past work

Paid technical assessment - $200 USD, ~4 hours total (30-min kickoff, 2.5 hrs independent work on a realistic SOC 2 readiness scenario, 1-hr walkthrough call). We pay for your time regardless of outcome.

Offer - start on Upwork, convert to full-time at $80K/$100K OTE

