Information Security Risk Auditor
About The Position
The Information Security Risk Auditor (Control Design & Effectiveness) is an experienced individual contributor responsible for assessing the design and operating effectiveness of information security controls across the enterprise. This role focuses on evaluating control architecture, implementation, and monitoring to ensure alignment with enterprise risk appetite, regulatory obligations, and leading frameworks (e.g., NIST CSF, ISO/IEC 27001). The auditor works closely with control owners, risk teams, and technology stakeholders to identify design gaps, validate evidence, and recommend improvements. Strong attention to detail, analytical skills, and the ability to communicate findings clearly to stakeholders are essential. You will enjoy the flexibility to telecommute from anywhere within the U.S. as you take on some tough challenges.
Requirements
- Bachelor’s degree in Information Security, Risk Management, Business, or related field
- 5+ years of experience in information security auditing, compliance, or risk management
- 2+ years of experience in working collaboratively across teams in a matrixed environment
- 1+ years of experience in performing assessments of control design and effectiveness
- Intermediate level of experience with GRC tools and evidence collection processes
- Understanding of security control architecture and regulatory frameworks (NIST, ISO, SOX)
- Ability to assess control-to-risk mapping and evidence adequacy
- Strong attention to detail in reviewing compliance metrics and audit evidence
- Ability to prepare clear reports and communicate effectively
- Experience with GRC platforms and basic automation concepts
Nice To Haves
- Certifications such as CISA, CRISC, CISSP, CIA
- Experience in public accounting and/or auditing
Responsibilities
- Execute assessments of control design and operating effectiveness across critical security domains (e.g., identity, access, network, cloud, data protection)
- Validate that controls mitigate identified risks and align with regulatory and internal requirements
- Maintain audit-ready documentation and assist in tracking control adherence metrics
- Recommend improvements to control design for scalability, automation, and resilience
- Perform periodic reviews of control evidence and report adherence rates and exceptions
- Escalate gaps in control design or effectiveness for remediation and track closure
- Support alignment verification against frameworks (e.g., NIST CSF, ISO 27001) and obligations (e.g., SOX, SOC 2)
- Prepare clear audit reports and dashboards for management review
- Participate in governance meetings and provide input on control effectiveness status
- Assist in awareness efforts related to control requirements and accountability
- Support control design and effectiveness audits and compliance reviews
- Ensure audit documentation and evidence traceability are complete and accurate
- Collaborate with risk and compliance teams to track remediation progress
- Contribute to process improvement initiatives, including automation opportunities
Benefits
- comprehensive benefits package
- incentive and recognition programs
- equity stock purchase
- 401k contribution
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
