Role: IT Auditor 3
Location: Austin, TX
Duration: 6 Months
Responsibilities
- Plan, execute, and report on IT and cybersecurity audits to assess the effectiveness of security controls, risk management practices, and compliance with policies and regulations
- Evaluate the design and operating effectiveness of cybersecurity controls across areas such as identity and access management, network security, endpoint protection, cloud security, and data protection
- Conduct risk assessments and control testing aligned to recognized frameworks (e.g., NIST CSF, ISO 27001, CIS Controls, COBIT)
- Assess compliance with applicable regulatory and contractual requirements (e.g., SOX, PCI DSS, HIPAA, GDPR, SOC reports, internal policies)
- Review vulnerability management, incident response, disaster recovery, and business continuity processes to ensure preparedness and resilience
- Collaborate closely with GRC, and business stakeholders to understand systems, processes, and compliance
- Identify control gaps, root causes, and risk implications, and develop clear, actionable audit findings and recommendations
- Track and validate remediation efforts to ensure timely and effective resolution of audit issues
- Support third-party risk assessments, including reviews of vendor security controls and SOC reports
- Stay current on evolving regulatory changes, and industry best practices to continuously enhance audit approaches
- Contribute to the continuous improvement of audit methodologies, tools, and automation techniques
- Prepare and present audit results to management and, when required, senior leadership or audit committees.
The above job description and requirements are general in nature and may be subject to change based on the specific needs and requirements of the organization and project.
Minimum Requirements
- 8+ years of experience planning, conducting, and documenting IT and cybersecurity audits in accordance with approved audit methodologies and professional standards.
- 8+ years of experience evaluating the design and operating effectiveness of information security controls across systems, networks, applications, cloud environments, and data platforms.
- 8+ years of experience assessing cybersecurity risks and controls in alignment with recognized frameworks and industry standards.
- 8+ years of experience performing compliance testing against applicable laws, regulations, contractual obligations, and internal policies.
- 8+ years of experience reviewing and assessing processes related to Identity and Access Management (IAM), Vulnerability Management, Incident Response, Disaster Recovery, Business Continuity.
- 8+ years of experience identifying control deficiencies, assessing risk impact, and developing clear, well-supported audit findings and recommendations.
- 8+ years of experience preparing formal audit reports that communicate results, conclusions, and remediation requirements to management.
- 8+ years of experience monitoring, tracking, and validating management remediation plans to ensure timely and effective resolution of audit issues.
- Proven ability to resolve complex security issues in diverse and decentralized environments.
- Strong ability to learn, communicate, and train others on new information security technologies and concepts.
- Excellent written and verbal communication skills.
- 8+ years of experience conducting forensic investigations of cyberattacks to determine root cause and preventive measures.
- Preferred Qualifications: Professional certifications such as CISSP and/or PMP, with a minimum of 3 years of relevant experience.
