Vendor Cybersecurity Auditor #2945

About The Position

Requirements

• 5+ years of experience auditing cybersecurity controls against NIST, ISO 27001, SOC 2, or PCI-DSS frameworks.
• 5+ years of technical IT auditing experience, including assessment of network security, identity access management, endpoint protection, and incident response.
• Strong experience creating audit documentation and presenting findings to executives, legal, and technical teams.
• Demonstrated investigative and analytical skills in identifying risk and security gaps.
• 4+ years of experience in third-party/vendor cybersecurity risk assessments and audits.
• 3+ years reviewing security policies and documentation for completeness and accuracy.
• Experience auditing cloud-hosted environments (AWS, Azure, or GCP) and understanding of shared responsibility models
• Familiarity with vendor incident response plans and breach assessments.
• Ability to interpret contracts and ensure alignment with SLAs and cybersecurity requirements.
• Experience auditing vendors in a government or regulated industry (e.g., courts, justice systems).
• Proven ability to present complex findings to executive or legal audiences.
• At least one relevant certification: CISA, CISSP, CRISC, or ISO 27001 Lead Auditor.

Responsibilities

• Review vendor contracts, SLAs, and cybersecurity-related requirements for compliance with contractual obligations.
• Evaluate vendor security controls against contractual terms and recognized industry standards (e.g., NIST, ISO 27001, SOC 2, PCI-DSS).
• Analyze documentation and technical evidence including system configurations, access logs, and security policies.
• Conduct interviews with vendor personnel to assess their security practices and governance maturity.
• Perform sampling and control testing of administrative and technical safeguards.
• Identify control deficiencies and assess associated risks to the organization.
• Draft clear, professional audit reports summarizing findings, risks, and recommended remediations.
• Track remediation efforts and validate closure of findings.
• Collaborate with internal teams to ensure vendor risks are appropriately managed and escalated.

Benefits

• Contribute to an organization committed to data protection and vendor governance.
• Work in a supportive and collaborative environment with high visibility.
• Be part of a forward-looking cybersecurity team that values transparency and accountability.
• Opportunities for professional growth and continued learning.