Megan Soft Inc is hiring: IT Auditor and Cybersecurity in Austin

The Office of Court Administration is looking for an experienced IT Auditor II to join our team in Austin, TX. In this role, you will be responsible for reviewing vendor contracts, assessing cybersecurity controls, and ensuring compliance with industry standards and contractual requirements. You’ll work closely with vendors and internal stakeholders to identify risks, document findings, and recommend corrective actions that strengthen overall security posture.

Key Responsibilities

• Review vendor contracts, SLAs, and cybersecurity requirements to ensure compliance.
• Assess vendor cybersecurity controls against contractual, legal, and industry standards (NIST, ISO 27001, SOC 2, PCI-DSS).
• Collect and analyze evidence such as policies, configurations, logs, and access records.
• Conduct interviews with vendor staff to evaluate security practices.
• Perform control testing and validate the effectiveness of technical and administrative safeguards.
• Identify risks, gaps, and deficiencies in vendor security practices.
• Prepare clear audit reports with findings, risks, and recommended remediation.
• Track remediation progress and verify closure of audit findings.
• Collaborate with internal teams to ensure vendor risks are communicated and managed effectively.

Must-Have Skills (Required)

• 5+ years of experience auditing security controls using frameworks such as NIST, ISO 27001, PCI-DSS, or SOC 2.
• Strong IT auditing background, including areas like network security, IAM, endpoint protection, and incident response.
• Excellent communication skills, with experience writing audit reports and presenting findings to executive or legal stakeholders.
• Proven analytical and investigative skills to assess risks and recommend solutions.
• 4+ years of hands-on third-party/vendor risk auditing experience.
• 3+ years of reviewing security policies, procedures, and documentation for accuracy.

Nice-to-Have Skills (Preferred)

• Experience auditing cloud environments (AWS, Azure, GCP).
• Knowledge of incident response and breach assessment.
• Ability to interpret IT and cybersecurity obligations in vendor contracts and SLAs.
• Background in government or regulated industries (courts preferred).
• Experience presenting technical findings to executive or legal audiences.
• Relevant certifications (CISA, CISSP, CRISC, ISO 27001 Lead Auditor).

We are an equal opportunity employer and welcome applications from diverse candidates.