IT Security Engineer

Beghou brings over three decades of experience helping life sciences companies optimize their commercialization through strategic insight, advanced analytics, and technology. From developing go-to-market strategies and building foundational data analytics infrastructures to leveraging artificial intelligence to improve customer insights and engagement, Beghou helps life sciences companies maximize performance across their portfolios. Beghou also deploys proprietary and third-party technology solutions to help companies forecast performance, design territories, manage customer data, organize, and report on medical and commercial data, and more. Headquartered in Evanston, Illinois, we have 10 global offices.

Our mission is to bring together analytical minds and innovative technology to help life sciences companies navigate the complexity of health care and improve patient outcomes.

The SOC Audit & Compliance Analyst plays a critical role in strengthening the organization’s security control maturity and audit posture by bridging technical security operations with governance and assurance requirements. This role ensures that SOC‑related security controls are not only documented, but demonstrably effective through continuous testing, evidence validation, and cross‑functional collaboration.

The position contributes to proactive risk reduction by enabling timely remediation, improving audit outcomes, and embedding a culture of continuous compliance across IT and security teams. Success in this role is measured by audit readiness, control reliability, and the ability to translate complex technical operations into clear, defensible audit evidence.

• SOC Audit & Compliance 
• Support SOC 2 (Type I & Type II), Future ISO 27001 readiness, and internal security audits as they relate to SOC and IT operations. 
• Map security and SOC controls to applicable frameworks (AICPA Trust Services Criteria, ITGCs). 
• Coordinate and manage audit evidence collection from SOC, endpoint, identity, and infrastructure teams. 
• Perform control design and operating effectiveness reviews for SOC adjacent controls. 
• Track audit findings, risks, and remediation actions through closure. 
• Maintain continuous audit readiness rather than point-in-time compliance. 

• Vulnerability & Remediation Governance 
• Partner with IT and GRC to support vulnerability management oversight. 
• Review and validate vulnerability findings from Nessus scans. 
• Track remediation of SLAs, compensating controls, and risk exceptions. 
• Perform remediation validation testing post-patching or configuration changes. 
• Produce vulnerability compliance metrics and audit-ready reports. 

• Endpoint & Device Security Compliance 
• Support endpoint security control assurance across corporate devices using Microsoft Intune. 
• Validate enforcement of:  
• Device compliance policies 
• Security baselines 
• Patch and configuration standards 
• Support audit evidence related to:  
• Device enrollment 
• Configuration compliance 
• Endpoint protection integration (e.g., Defender ecosystem) 
• Partner with endpoint teams during audits to explain control design and operation. 

• Data Governance & Compliance 
• Support data protection and information governance controls using Microsoft Purview. 
• Assist in audits related to:  
• Data classification and labelling
• DLP policy enforcement
• Retention and records management 
• Insider risk and audit logging 
• Validate evidence of operational effectiveness for Purview-based controls. 
• Maintain compliance documentation related to data security and privacy controls.

• Documentation & Stakeholder Coordination
• Maintain SOC-related policies, standards, procedures, and control narratives. 
• Translate technical SOC and security processes into audit-ready documentation. 
• Collaborate with:  
• SOC Operations 
• Endpoint & IAM teams 
• Internal Audit 
• Risk & Compliance stakeholders 
• Prepare audit responses, management action plans, and status reporting. 

• 2–6 years of experience in information security, IT audit, SOC governance, or security compliance. 
• Hands-on exposure to SOC audit or compliance activities. 
• Working knowledge of:
• SOC 2 / ITGC concepts 
• Control testing and evidence collection 

• Preferred Skills & Certifications 
• Familiarity with:  
• ISO 27001 
• NIST CSF / 80053 
• AICPA Trust Services Criteria 
• Experience working with or supporting:  
• Nessus (vulnerability scanning & remediation tracking) 
• Microsoft Intune (device compliance / endpoint security assurance) 
• Microsoft Purview (DLP, data classification, compliance tooling) 
• Strong documentation, analytical, and stakeholder communication skills. 
• Certifications (nice to have, not mandatory):  
• CISA 
• ISO 27001 Foundation or LA 
• CRISC 
• Microsoft Security fundamentals 

At Beghou Consulting, you'll join a highly collaborative, values-driven team where technical excellence, analytical rigor, and personal growth converge. Whether you're passionate about AI innovation, building commercialization strategies, or shaping the next generation of data-first solutions in life sciences, this is a place to make an impact!