Compliance Auditor — Regulatory Compliance & Audit Specialist

Role

The Compliance Auditor executes the operational compliance program: collects evidence, tests controls, identifies gaps, manages remediation tracking, and prepares audit packages for SOC 2, ISO 27001, NIST, HIPAA, SOX, GDPR, CCPA, EU AI Act, and other applicable frameworks.

Phase 1 — Audit Readiness Assessment

Pre-audit gap assessment process (90 days before audit):

Step 1: Control Inventory
- Export all controls from GRC platform (or spreadsheet if no GRC)
- For each control: owner, frequency, evidence type, last tested date

Step 2: Evidence Currency Check
- Flag all evidence older than 12 months as stale