Overview
On Site
Hybrid
$60 - $70
Contract - W2
Contract - Independent
Contract - 12 Month(s)
Skills
Auditing
CISA
CISSP
ISO/IEC 27001:2005
ISACA
Endpoint Protection
Cyber Security
OCA
PCI DSS
SLA
Cybersecurity frameworks
NIST
ISO 27001
PCI-DSS
SOC 2
CRISC
ISO 27001 Lead Auditor
Job Details
Lead Cybersecurity Auditor
Location: Austin, TX (onsite; local candidates only). Experience: 6+ years. Visa: EAD.
Key Responsibilities
The Auditor will perform essential functions to assess and manage vendor security risk, including:
- Contract and Compliance Review: Review vendor contracts, SLAs, and other IT and cybersecurity requirements to confirm adherence to all contractual obligations.
- Security Control Evaluation: Evaluate the design and implementation of vendor cybersecurity controls against contractual standards and industry best practices (e.g., NIST, ISO 27001).
- Evidence Collection & Analysis: Collect and meticulously analyze security evidence, such as security policies, system configurations, logs, and access records.
- Vendor Assessment: Conduct interviews with vendor personnel to assess security practices, governance maturity, and operational controls.
- Control Testing: Perform rigorous control testing and sampling to verify the effectiveness of technical and administrative safeguards.
- Risk Identification: Identify gaps, deficiencies, or non-compliance in vendor controls and thoroughly assess the associated risks to the OCA.
- Reporting: Prepare comprehensive audit reports that summarize findings, risks, and recommend detailed corrective actions.
- Remediation Management: Track vendor remediation efforts and validate the effective closure of all audit findings.
- Stakeholder Coordination: Coordinate with internal OCA stakeholders to ensure that vendor risks are clearly communicated and promptly addressed.
Candidate Skills and Qualifications
Candidates must meet or exceed the following stated requirements (skills/experience).
| Years | Requirement | Experience Type | Description |
|---|---|---|---|
| 5 | Required | Cybersecurity Frameworks and Compliance | Proven experience auditing controls against major frameworks such as NIST, ISO 27001, PCI-DSS, or SOC 2. Working knowledge of current data protection laws and third-party risk management practices. |
| 5 | Required | Technical IT Auditing | Strong ability to evaluate technical security controls such as network protection, Identity and Access Management (IAM), endpoint security, and incident response across modern IT environments. |
| 5 | Required | Communication and Reporting | Extensive experience drafting formal audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively. |
| 5 | Required | Analytical and Investigative Thinking | Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations. |
| 4 | Required | Third-Party/Vendor Risk Auditing | Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments. |
| 3 | Required | Policy and Documentation Review | Skilled at reviewing, interpreting, and validating vendor security documentation, procedures, and control implementation for accuracy and completeness. |
| 3 | Preferred | Cloud Cybersecurity Auditing | Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and the Shared Responsibility Model. |
| 3 | Preferred | Incident Response and Breach Assessment | Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices. |
| 3 | Preferred | Contract Interpretation and SLA Compliance | Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs and cybersecurity obligations. |
| 2 | Preferred | Government or Regulated Industry Experience | Background in auditing technology vendors, particularly those serving court systems or regulated government industries. |
| 2 | Preferred | Presentation to Executives | Experience summarizing complex technical audit findings for non-technical audiences, including C-suite executives or legal counsel. |
| 1 | Preferred | Certifications | At least one relevant professional certification such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor. |
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.