Compunnel Inc.
Client requires the services of 1 IT Auditor 2, who meets the general qualifications of IT Auditor 2, Security and the specifications outlined in this document for the Client.
The successful candidate will:
Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
Collect and analyze evidence such as security policies, system configurations, logs, and access records.
Conduct interviews with vendor personnel to assess security practices and governance.
Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
Prepare audit reports summarizing findings, risks, and recommended corrective actions.
Track remediation efforts and validate closure of audit findings.
Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.
Candidate Skills And Qualifications:
Candidates should have:
5+ years of experience in cybersecurity frameworks and compliance, with proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards.
5+ years of experience in technical IT auditing, with a strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response.
5+ years of experience in communication and reporting, with experience drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.
5+ years of experience in analytical and investigative thinking, with a demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.
4+ years of experience in third-party/vendor risk auditing, with hands-on experience conducting cybersecurity audits of external vendors.
3+ years of experience in policy and documentation review, with skill in reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.
Preferred Qualifications:
Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.
Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.
Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.
Background in auditing technology vendors serving regulated industries.
Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.
Relevant certifications (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).
This is a contract position at the Mid-Senior level, in the Information Technology field, with a focus on Government Administration.
#J-18808-Ljbffr
#J-18808-Ljbffr