IT Auditor Cybersecurity Compliance

Hill Country Project Management LLC

Job Location:

Austin - USA

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Texas Residents Only Closes 10/10
Loc: Hybrid On Site & Telework - USC/GC (no H1B)

I. DESCRIPTION OF SERVICES

Office of Court Administration requires the services of 1 IT Auditor 2 hereafter referred to as Candidate(s) who meets the general qualifications of IT Auditor 2 Security and the specifications outlined in this document for the Office of Court Administration.

Review vendor contracts SLAs and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
Collect and analyze evidence such as security policies system configurations logs and access records.
Conduct interviews with vendor personnel to assess security practices and governance.
Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
Identify gaps deficiencies or non-compliance in vendor controls and assess associated risks.
Prepare audit reports summarizing findings risks and recommended corrective actions.
Track remediation efforts and validate closure of audit findings.
Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

II. CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
Years	Required/ Preferred	Experience
5	Required	Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST ISO 27001 PCI-DSS or SOC 2 standards with working knowledge of current data protection laws regulatory compliance and third-party risk management practices.
5	Required	Technical IT auditing: Strong ability to evaluate security controls such as network protection identity access management endpoint security and incident response across modern IT environments.
5	Required	Communication and reporting: Experienced in drafting audit reports presenting findings to executive and legal stakeholders and engaging vendors constructively.
5	Required	Analytical and investigative thinking: Demonstrated ability to identify security gaps assess risk impact and make sound evidence-based recommendations.
4	Required	Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors including due diligence contract compliance and risk assessments.
3	Required	Policy and documentation review: Skilled at reviewing and validating security documentation procedures and control implementation for accuracy and completeness.
3	Preferred	Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS Azure or Google Cloud including cloud-native controls and shared responsibility models.
3	Preferred	Incident response and breach assessment: Familiarity with analyzing vendor incident response plans reviewing past breaches and evaluating remediation practices.
3	Preferred	Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs IT and cybersecurity obligations.
2	Preferred	Government or regulated industry experience: Background in auditing technology vendors serving courts.
2	Preferred	Presentation to executives: Experience summarizing technical findings for non-technical audiences including C-suite executives or legal counsel.
1	Preferred	Certifications: At least one relevant certification (CISA CISSP CRISC or ISO 27001 Lead Auditor).

Texas Residents Only Closes 10/10 Loc: Hybrid On Site & Telework - USC/GC (no H1B) I. DESCRIPTION OF SERVICES Office of Court Administration requires the services of 1 IT Auditor 2 hereafter referred to as Candidate(s) who meets the general qualifications of IT Auditor 2 Security and the ...

Review vendor contracts SLAs and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
Collect and analyze evidence such as security policies system configurations logs and access records.
Conduct interviews with vendor personnel to assess security practices and governance.
Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
Identify gaps deficiencies or non-compliance in vendor controls and assess associated risks.
Prepare audit reports summarizing findings risks and recommended corrective actions.
Track remediation efforts and validate closure of audit findings.
Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

II. CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
Years	Required/ Preferred	Experience
5	Required	Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST ISO 27001 PCI-DSS or SOC 2 standards with working knowledge of current data protection laws regulatory compliance and third-party risk management practices.
5	Required	Technical IT auditing: Strong ability to evaluate security controls such as network protection identity access management endpoint security and incident response across modern IT environments.
5	Required	Communication and reporting: Experienced in drafting audit reports presenting findings to executive and legal stakeholders and engaging vendors constructively.
5	Required	Analytical and investigative thinking: Demonstrated ability to identify security gaps assess risk impact and make sound evidence-based recommendations.
4	Required	Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors including due diligence contract compliance and risk assessments.
3	Required	Policy and documentation review: Skilled at reviewing and validating security documentation procedures and control implementation for accuracy and completeness.
3	Preferred	Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS Azure or Google Cloud including cloud-native controls and shared responsibility models.
3	Preferred	Incident response and breach assessment: Familiarity with analyzing vendor incident response plans reviewing past breaches and evaluating remediation practices.
3	Preferred	Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs IT and cybersecurity obligations.
2	Preferred	Government or regulated industry experience: Background in auditing technology vendors serving courts.
2	Preferred	Presentation to executives: Experience summarizing technical findings for non-technical audiences including C-suite executives or legal counsel.
1	Preferred	Certifications: At least one relevant certification (CISA CISSP CRISC or ISO 27001 Lead Auditor).