IT Auditor 2

Position: IT Auditor 2
Location: 3 Days Onsite in Austin, TX 2 days remote

Must have NIST PCI-DSS experience and willing to travel to client locations

Job Description

* Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
* Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
* Collect and analyze evidence such as security policies, system configurations, logs, and access records.
* Conduct interviews with vendor personnel to assess security practices and governance.
* Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
* Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
* Prepare audit reports summarizing findings, risks, and recommended corrective actions.
* Track remediation efforts and validate closure of audit findings.
* Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

MUST HAVE
5 Required Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2
standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management
practices.
Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management,
endpoint security, and incident response across modern IT environments.
Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and
engaging vendors constructively.
Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound,
evidence-based recommendations.
Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due
diligence, contract compliance, and risk assessments.
Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control
implementation for accuracy and completeness.
PREFERRED
3 Preferred Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including
cloud-native controls and shared responsibility models.
Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and
evaluating remediation practices.
Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper
implementation of SLAs, IT, and cybersecurity obligations.
Government or regulated industry experience: Background in auditing technology vendors serving courts.
Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or
legal counsel.
Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).