Proventus Metrics
Position: Cyber Security & Compliance Auditor
Location: Austin, Texas
Duration: Long term
Responsibilities
Cybersecurity frameworks and compliance: Audit controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards; working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.
Technical IT auditing: Evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.
Communication and reporting: Draft audit reports, present findings to executive and legal stakeholders, and engage vendors constructively.
Analytical and investigative thinking: Identify security gaps, assess risk impact, and make evidence-based recommendations.
Third-party/vendor risk auditing: Conduct cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.
Policy and documentation review: Review and validate security documentation, procedures, and control implementation for accuracy and completeness.
Cloud cybersecurity auditing: Audit vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.
Incident response and breach assessment: Analyze vendor incident response plans, review past breaches, and evaluate remediation practices.
Contract interpretation and SLA compliance: Interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.
Government or regulated industry experience: Experience in auditing technology vendors serving courts.
Presentation to executives: Summarize technical findings for non-technical audiences, including C-suite executives or legal counsel.
Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).