TX DIR-IT Auditor 3-302CSD2653
Share
Job Location:
Austin, TX - USA
Monthly Salary:
Not Disclosed
Posted on:
21 hours ago
Vacancies:
1 Vacancy
Job Summary
Job Description
I. DESCRIPTION OF SERVICESOffice of the Attorney General of Texas requires the services of 1 IT Auditor 3 hereafter referred to as Candidate(s) who meets the general qualifications of IT Auditor 3 Security and the specifications outlined in this document for the Office of the Attorney General of Texas.
We are seeking a highly motivated and talented individual to join our cybersecurity team at the Texas Office of the Attorney General (TxOAG) as an IT Auditor. The IT Auditor is responsible for providing independent assurance over the organizations information technology and cybersecurity control environment. The role supports risk management regulatory compliance and the overall effectiveness of cybersecurity governance.
Responsibilities may include but are not limited to:
1. Plan execute and report on IT and cybersecurity audits to assess the effectiveness of security controls risk management practices and compliance with policies and regulations
2. Evaluate the design and operating effectiveness of cybersecurity controls across areas such as identity and access management network security endpoint protection cloud security and data protection
3. Conduct risk assessments and control testing aligned to recognized frameworks (e.g. NIST CSF ISO 27001 CIS Controls COBIT)
4. Assess compliance with applicable regulatory and contractual requirements (e.g. SOX PCI DSS HIPAA GDPR SOC reports internal policies)
5. Review vulnerability management incident response disaster recovery and business continuity processes to ensure preparedness and resilience
6. Collaborate closely with GRC and business stakeholders to understand systems processes and compliance
7. Identify control gaps root causes and risk implications and develop clear actionable audit findings and recommendations
8. Track and validate remediation efforts to ensure timely and effective resolution of audit issues
9. Support third-party risk assessments including reviews of vendor security controls and SOC reports
10. Stay current on evolving regulatory changes and industry best practices to continuously enhance audit approaches
11. Contribute to the continuous improvement of audit methodologies tools and automation techniques
12. Prepare and present audit results to management and when required senior leadership or audit committees.
The above job description and requirements are general in nature and may be subject to change based on the specific needs and requirements of the organization and project.
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
| Years | Required/Preferred | Experience |
| 8 | Required | Plan conduct and document IT and cybersecurity audits in accordance with approved audit methodologies and professional standards. |
| 8 | Required | Evaluate the design and operating effectiveness of information security controls across systems networks applications cloud environments and data platforms. |
| 8 | Required | Assess cybersecurity risks and controls in alignment with recognized frameworks and standards |
| 8 | Required | Perform testing to assess compliance with applicable laws regulations contractual obligations and internal policies. |
| 8 | Required | Review and assess processes related to identity and access management vulnerability management incident response disaster recovery and business continuity. |
| 8 | Required | Identify control deficiencies assess risk impact and develop clear well-supported audit findings and recommendations. |
| 8 | Required | Prepare formal audit reports that communicate results conclusions and remediation requirements to management. |
| 8 | Required | Monitor track and validate management remediation plans to ensure timely and effective resolution of audit issues. |
| 8 | Required | Ability to resolve complex security issues in diverse and decentralized environments; to learn communicate and teach new information and security technologies; and to communicate effectively. |
| 8 | Required | Conduct forensic investigations on cyberattacks to determine how they occurred and how they can be prevented in the future. |
| 3 | Preferred | CISSP PMP certifications |
III. TERMS OF SERVICE
Services are expected to start 03/02/2026 and are expected to complete by 08/31/2026. Total estimated hours per Candidate shall not exceed 1016 hours. This service may be amended renewed and/or extended providing both parties agree to do so in writing.
IV. WORK HOURS AND LOCATION
Services shall be provided during normal business hours unless otherwise coordinated through the Office of the Attorney General of Texas. Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM excluding State holidays when the agency is closed.
The primary work location(s) will be at OAG State Office located at 5500 E. Oltorf St Austin TX 78741. Teleworking is currently allowed for this contract position with management approval.. The working position is Hybrid - On Site and Telework. Any and all travel per diem parking and/or living expenses shall be at the Candidates and/or Vendors expense. Office of the Attorney General of Texas will provide pre-approved written authorization for travel for any services to be performed away from the primary work location(s). Pre-approved travel expenses are limited to the rates and comply with the rules prescribed by the State of Texas for travel by its classified employees including any requirement for original receipts.
The Candidate(s) may be required to work outside the normal business hours on weekends evenings and holidays as requested. Payment for work over 40 hours will be at the hourly rate quoted and must be coordinated and pre-approved through Office of the Attorney General of Texas.
V. OTHER SPECIAL REQUIREMENTS
The candidate(s) will be subject to a criminal background check that includes a DPS/FBI background check and fingerprinting.
Required Experience:
IC
Key Skills
- IT Experience
- ISO 27001
- Risk Management
- COSO
- IT Auditing
- PCI
- COBIT
- NIST Standards
- SOX
- Information Security
- Internal Audits
- FISMA
About Company
Who We Are & What We Do Established in 2005, Knowledge Builders Inc. (KBI) provides Information Technology Consulting, Administrative and Health Care Staffing solutions, Payrolling and Call Center services to companies and governmental entities of all sizes. KBI is a Woman-Owned Bus ... View more
