IT Security Auditor
IT Security Auditor
Posted on :
01-10-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Position: IT Auditor 2
Duration: 6 Months
Location: Austin TX (Hybrid)
The primary work location(s) will be at Office Location - 205 W 14th Street Austin TX 78701 Candidate May require to travel to other locations in TX.
SPECIAL REQUIREMENTS
May require travel to interview vendor staff as appropriate.
May require travel to interview other clients as appropriate.
DESCRIPTION OF SERVICES
- Review vendor contracts SLAs and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
- Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
- Collect and analyse evidence such as security policies system configurations logs and access records.
- Conduct interviews with vendor personnel to assess security practices and governance.
- Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
- Identify gaps deficiencies or non-compliance in vendor controls and assess associated risks.
- Prepare audit reports summarizing findings risks and recommended corrective actions.
- Track remediation efforts and validate closure of audit findings.
- Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.
Required Skills
- 5 years of experience Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST ISO 27001 PCI-DSS or SOC 2 standards with working knowledge of current data protection laws regulatory compliance and third-party risk management practices.
- 5 years of experience Technical IT auditing: Strong ability to evaluate security controls such as network protection identity access management endpoint security and incident response across modern IT environments.
- 5 years of experience Communication and reporting: Experienced in drafting audit reports presenting findings to executive and legal stakeholders and engaging vendors constructively.
- 5 years of experience Analytical and investigative thinking: Demonstrated ability to identify security gaps assess risk impact and make sound evidence-based recommendations.
- 4 years of experience Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors including due diligence contract compliance and risk assessments.
- 3 years of experience Policy and documentation review: Skilled at reviewing and validating security documentation procedures and control implementation for accuracy and completeness.
Preferred Skills
- 3 years of experience Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS Azure or Google Cloud including cloud-native controls and shared responsibility models.
- 3 years of experience Incident response and breach assessment: Familiarity with analyzing vendor incident response plans reviewing past breaches and evaluating remediation practices.
- 3 years of experience Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs IT and cybersecurity obligations.
- 2 years of experience Government or regulated industry experience: Background in auditing technology vendors serving courts.
- 2 years of experience Presentation to executives: Experience summarizing technical findings for non-technical audiences including C-suite executives or legal counsel.
- 1 year of experience Certifications: At least one relevant certification (CISA CISSP CRISC or ISO 27001 Lead Auditor).
Employment Type
Full-time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
