IT & Cybersecurity Vendor Risk Auditor
Location: Austin, TX (Onsite)
Candidates must be local to Texas; this is an onsite position and requires travel within Texas.
Job Summary
We are seeking an experienced IT & Cybersecurity Vendor Risk Auditor to lead audits of third-party vendors, ensuring compliance with contractual obligations, cybersecurity frameworks, and regulatory requirements. This role involves reviewing vendor contracts, assessing security controls, identifying risks, and reporting findings to stakeholders.
Key Responsibilities
Review vendor contracts, SLAs, and cybersecurity requirements to confirm compliance.
Evaluate vendor cybersecurity controls against NIST, ISO 27001, PCI-DSS, SOC 2, and other industry standards.
Collect and analyze evidence such as policies, configurations, logs, and access records.
Conduct interviews with vendor personnel to validate security practices.
Perform control testing to verify the effectiveness of safeguards.
Identify gaps, risks, and deficiencies in vendor controls and recommend corrective actions.
Draft detailed audit reports and present findings to executive and legal stakeholders.
Track remediation efforts and validate closure of audit findings.
Collaborate with internal stakeholders to communicate vendor risks effectively.
Candidate Skills and Qualifications
Minimum Requirements:
5+ years of experience auditing cybersecurity controls against frameworks (NIST, ISO 27001, PCI-DSS, SOC 2).
5+ years of technical IT auditing experience across areas such as network security, IAM, endpoint protection, and incident response.
5+ years of communication and reporting experience, including drafting audit reports and engaging executives.
5+ years of analytical and investigative skills with proven ability to assess risks and recommend solutions.
4+ years of experience auditing third-party vendors, including contract compliance and risk assessments.
3+ years reviewing policies, procedures, and security documentation.
Preferred Qualifications:
3+ years auditing cloud environments (AWS, Azure, Google Cloud).
3+ years of experience with incident response and breach assessment.
3+ years interpreting vendor contracts and SLAs.
2+ years in government or regulated industry audits (courts, healthcare, finance).
Experience presenting findings to executives or legal counsel.
Certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor.