IT Auditor

IT Auditor 2 (0061) Austin, TX - (Hybrid - May require travel to other locations in TX) 5 Months Contract
Required Skills: 5 Years - Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices. 5 Years - Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments. 5 Years - Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively. 5 Years - Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations. 4 Years - Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments. 3 Years - Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.
Preferred Skills: 3 Years - Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models. 3 Years - Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices. 3 Years - Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations. 2 Years - Government or regulated industry experience: Background in auditing technology vendors serving courts. 2 Years - Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel. 1 Year - Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).