IT Auditor - Austin TX - Hybrid

Role : IT Auditor II

Location : 205 W 14th Street, Austin, TX 78701 - May require travel to other locations in TX

The working position is Hybrid - On Site and Telework

Job description :

• Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
• Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
• Collect and analyze evidence such as security policies, system configurations, logs, and access records.
• Conduct interviews with vendor personnel to assess security practices and governance.
• Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
• Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
• Prepare audit reports summarizing findings, risks, and recommended corrective actions.
• Track remediation efforts and validate closure of audit findings.
• Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

II. CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements :

Candidates that do not meet or exceed the minimum stated requirements (skills / experience) will be displayed to customers but may not be chosen for this opportunity.

Years

Required / Preferred

Experience

Required

Cybersecurity frameworks and compliance : Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.

Required

Technical IT auditing : Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.

Required

Communication and reporting : Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.

Required

Analytical and investigative thinking : Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.

Required

Third-party / vendor risk auditing : Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.

Required

Policy and documentation review : Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.

Preferred

Cloud cybersecurity auditing : Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.

Preferred

Incident response and breach assessment : Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.

Preferred

Contract interpretation and SLA compliance : Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.

Preferred

Government or regulated industry experience : Background in auditing technology vendors serving courts.

Preferred

Presentation to executives : Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.

Preferred

Certifications : At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).