ZipRecruiter
Overview
Job Title:
IT Auditor 2 (Hybrid) Location:
Austin, TX Duration:
12 Months Responsibilities
Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations. Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards. Collect and analyze evidence such as security policies, system configurations, logs, and access records. Conduct interviews with vendor personnel to assess security practices and governance. Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards. Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks. Prepare audit reports summarizing findings, risks, and recommended corrective actions. Track remediation efforts and validate closure of audit findings. Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed. Candidate Skills and Qualifications
Minimum Requirements:
Candidates must meet or exceed the stated requirements. Years Required/Experience, and relevant experience are described below. 5+ years of experience in Cybersecurity frameworks and compliance with auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2; working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices. 5+ years of IT auditing experience; ability to evaluate security controls (network protection, access management, endpoint security, incident response) across modern IT environments. 5+ years of experience in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively. 5+ years of analytical and investigative thinking; ability to identify security gaps, assess risk impact, and make evidence-based recommendations. 4+ years of experience in third-party/vendor risk auditing; hands-on in due diligence, contract compliance, and risk assessments. 3+ years of policy and documentation review; skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness. 3+ years of cloud security auditing: experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud controls and shared responsibility models (preferred). 3+ years of incident response and breach assessment: familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices (preferred). 3+ years of contract interpretation and SLA compliance: ability to interpret legal and technical aspects in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations (preferred). 2+ years of government or regulated industry experience: background in auditing technology vendors serving courts or similar regulated environments (preferred). 2+ years of presenting to executives: experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel (preferred). Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor). Other Special Requirements
May require travel to interview vendor staff as appropriate. May require travel to interview other clients as appropriate. Powered by JazzHR LPOvcNAI2A
#J-18808-Ljbffr
Job Title:
IT Auditor 2 (Hybrid) Location:
Austin, TX Duration:
12 Months Responsibilities
Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations. Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards. Collect and analyze evidence such as security policies, system configurations, logs, and access records. Conduct interviews with vendor personnel to assess security practices and governance. Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards. Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks. Prepare audit reports summarizing findings, risks, and recommended corrective actions. Track remediation efforts and validate closure of audit findings. Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed. Candidate Skills and Qualifications
Minimum Requirements:
Candidates must meet or exceed the stated requirements. Years Required/Experience, and relevant experience are described below. 5+ years of experience in Cybersecurity frameworks and compliance with auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2; working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices. 5+ years of IT auditing experience; ability to evaluate security controls (network protection, access management, endpoint security, incident response) across modern IT environments. 5+ years of experience in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively. 5+ years of analytical and investigative thinking; ability to identify security gaps, assess risk impact, and make evidence-based recommendations. 4+ years of experience in third-party/vendor risk auditing; hands-on in due diligence, contract compliance, and risk assessments. 3+ years of policy and documentation review; skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness. 3+ years of cloud security auditing: experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud controls and shared responsibility models (preferred). 3+ years of incident response and breach assessment: familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices (preferred). 3+ years of contract interpretation and SLA compliance: ability to interpret legal and technical aspects in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations (preferred). 2+ years of government or regulated industry experience: background in auditing technology vendors serving courts or similar regulated environments (preferred). 2+ years of presenting to executives: experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel (preferred). Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor). Other Special Requirements
May require travel to interview vendor staff as appropriate. May require travel to interview other clients as appropriate. Powered by JazzHR LPOvcNAI2A
#J-18808-Ljbffr