ZipRecruiter
Job DescriptionJob Description
Texas Only | | Closes 10/10 Loc: Hybrid On Site & Telework - USC/GC (no H1B)
I. DESCRIPTION OF SERVICES
Office of Court Administration
requires the services of
1 IT Auditor 2 , hereafter referred to as Candidate(s), who meets the general qualifications of
IT Auditor 2, Security
and the specifications outlined in this document for the
Office of Court Administration .
Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
Collect and analyze evidence such as security policies, system configurations, logs, and access records.
Conduct interviews with vendor personnel to assess security practices and governance.
Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
Prepare audit reports summarizing findings, risks, and recommended corrective actions.
Track remediation efforts and validate closure of audit findings.
Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements: Candidates that do not meet or exceed the
minimum
stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.YearsRequired/ PreferredExperience5RequiredCybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.5RequiredTechnical IT auditing: Strong ability to evaluate security controls such as network protection, access management, endpoint security, and incident response across modern IT environments.5RequiredCommunication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.5RequiredAnalytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.4RequiredThird-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.3RequiredPolicy and documenta
Texas Only | | Closes 10/10 Loc: Hybrid On Site & Telework - USC/GC (no H1B)
I. DESCRIPTION OF SERVICES
Office of Court Administration
requires the services of
1 IT Auditor 2 , hereafter referred to as Candidate(s), who meets the general qualifications of
IT Auditor 2, Security
and the specifications outlined in this document for the
Office of Court Administration .
Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
Collect and analyze evidence such as security policies, system configurations, logs, and access records.
Conduct interviews with vendor personnel to assess security practices and governance.
Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
Prepare audit reports summarizing findings, risks, and recommended corrective actions.
Track remediation efforts and validate closure of audit findings.
Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements: Candidates that do not meet or exceed the
minimum
stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.YearsRequired/ PreferredExperience5RequiredCybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.5RequiredTechnical IT auditing: Strong ability to evaluate security controls such as network protection, access management, endpoint security, and incident response across modern IT environments.5RequiredCommunication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.5RequiredAnalytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.4RequiredThird-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.3RequiredPolicy and documenta