Cybersecurity Auditor (NIST, Vendor Risk, Compliance PCI-DSS, ISO 27001, SOC 2)

Job Title: Cybersecurity Auditor (NIST, Vendor Risk, Compliance PCI-DSS, ISO 27001, SOC 2)

Location: Austin, Tx (Hybrid - May require travel to other locations in TX)

We are currently seeking candidates who meet the following qualification

• Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of data protection laws, regulatory compliance, and third-party risk management practices.
• Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.
• Communication and reporting: Skilled in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.
• Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and provide evidence-based recommendations.
• Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.
• Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.

• Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.
• Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.
• Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.
• Government or regulated industry experience: Background in auditing technology vendors serving courts or other regulated industries.
• Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.
• Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).

• Conduct comprehensive cybersecurity audits of third-party vendors to assess compliance with industry frameworks and organizational requirements.
• Review vendor policies, security documentation, and contractual obligations to ensure accuracy, completeness, and compliance.
• Evaluate the effectiveness of security controls across networks, applications, cloud platforms, and incident response capabilities.
• Identify control deficiencies, assess associated risks, and provide actionable recommendations.
• Draft clear, concise audit reports and present findings to both technical and non-technical stakeholders, including executives and legal teams.
• Collaborate with vendors to address security concerns, track remediation efforts, and verify implementation of corrective actions.
• Support continuous improvement of vendor risk management and compliance processes.
• Provide subject matter expertise on evolving cybersecurity regulations, industry standards, and best practices.
  
  If you meet these qualifications, please submit your application via link provided in Linkedin.
  Kindly do not call the general line to submit your application.