Job Details
Position: IT Auditor 2
Location: Austin, TX (3 days onsite, 2 days remote)
Must have NIST and PCI-DSS experience and be willing to travel to client locations
Job Description
* Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
* Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
* Collect and analyze evidence such as security policies, system configurations, logs, and access records.
* Conduct interviews with vendor personnel to assess security practices and governance.
* Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
* Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
* Prepare audit reports summarizing findings, risks, and recommended corrective actions.
* Track remediation efforts and validate closure of audit findings.
* Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.
MUST HAVE
Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.
Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity and access management, endpoint security, and incident response across modern IT environments.
Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.
Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.
Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.
Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.
PREFERRED
Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.
Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.
Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs and IT and cybersecurity obligations.
Government or regulated industry experience: Background in auditing technology vendors serving courts.
Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.
Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).