What are the responsibilities and job description for the IT Auditor position at Maddisoft?
Job Details
Maddisoft has the following immediate opportunity. Let us know if you or someone you know would be interested, and send in your resume ASAP. U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are looking for W2 contract candidates. Send in your resume along with your LinkedIn profile, without which applications will not be considered. Call us NOW! ***Visa sponsorship is available for this position.***
Job Title: IT Auditor
Job Location: Austin, TX (Hybrid Onsite - May require travel to other Texas locations)
Our client is seeking an IT Auditor 2 specializing in security auditing to support vendor risk management, compliance, and cybersecurity oversight. The role involves auditing vendor systems and practices against contractual, regulatory, and industry standards, while ensuring risks are properly assessed and mitigated.
________________________________________
Responsibilities
Review vendor contracts, SLAs, and IT/cybersecurity requirements to confirm compliance with contractual obligations.
Evaluate the design and implementation of vendor cybersecurity controls against contractual terms and industry standards.
Collect and analyze evidence including security policies, system configurations, logs, and access records.
Conduct interviews with vendor personnel to assess security practices, governance, and compliance maturity.
Perform control testing and sampling to validate the effectiveness of technical and administrative safeguards.
Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
Prepare detailed audit reports summarizing findings, risks, and recommended corrective actions.
Track remediation efforts and validate closure of audit findings.
Coordinate with internal stakeholders to ensure vendor risks are communicated, documented, and addressed.
________________________________________
Skills Required
5 years of experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards with strong knowledge of data protection laws, regulatory compliance, and third-party risk management.
5 years of IT auditing experience evaluating network protection, identity access management, endpoint security, and incident response.
5 years of experience drafting audit reports, presenting findings to executives/legal stakeholders, and engaging vendors.
5 years of expertise in identifying security gaps, assessing risk impact, and providing evidence-based recommendations.
4 years of experience conducting third-party/vendor cybersecurity audits, including due diligence, contract compliance, and risk assessments.
3 years of experience reviewing and validating security documentation, procedures, and control implementation.
3 years of experience auditing cloud environments (AWS, Azure, Google Cloud) with knowledge of cloud-native controls and shared responsibility models.
3 years of familiarity with vendor incident response plans, past breach reviews, and remediation assessment.
3 years of experience interpreting vendor contracts and SLAs to ensure IT/cybersecurity obligations are met.
2 years of experience auditing technology vendors in government or regulated industries (e.g., courts).
2 years of experience presenting technical findings to non-technical audiences including executives and legal counsel.
Relevant certifications preferred: CISA, CISSP, CRISC, or ISO 27001 Lead Auditor.