Cybersecurity Risk Auditor

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

We are seeking an Cybersecurity Risk Auditor to join our Internal Audit team. This role is ideal for a technology auditor who is naturally curious, enjoys understanding how complex systems work, and is motivated to dig deeper to identify emerging and non‑obvious risks, particularly in cybersecurity and cloud‑based environments.

In this role, you will support the execution of a risk‑aligned, forward‑looking internal audit program focused on technology, cybersecurity, and digital risk. You will assess control design and effectiveness, investigate how risks manifest in real‑world scenarios, and contribute insights that strengthen governance and resilience across the organization. The position offers broad exposure to modern technology domains while helping evolve Internal Audit into a strategic, technology‑enabled business partner.

Primary Responsibilities:

• Execute technology, cybersecurity, and digital risk audit engagements as part of a risk‑based internal audit plan
• Perform audit fieldwork aligned to defined objectives while applying professional skepticism and curiosity to identify risks beyond standard audit procedures
• Assess the design and operating effectiveness of controls across technology domains including cloud infrastructure, identity and access management, network security, application security, logging and monitoring, vulnerability management, and incident response
• Go beyond “check‑the‑box” testing to understand how systems actually operate, where controls may fail, and how risk could evolve as the business and technology landscape change
• Conduct stakeholder interviews and walkthroughs to understand system architecture, processes, and risk trade‑offs
• Identify, document, and analyze audit observations, including root causes and potential business or customer impact
• Prepare clear, concise, and well‑supported workpapers in accordance with Internal Audit standards and methodologies
• Contribute to audit reporting by summarizing findings, insights, and risk themes in a way that is meaningful to both technical and non‑technical stakeholders
• Partner with technology, security, and business stakeholders to validate observations and support effective remediation
• Track audit issues and support follow‑up activities to promote timely and sustainable risk mitigation
• Support Internal Audit activities beyond core audits, including risk assessment, audit planning, advisory engagements, and continuous improvement initiatives
• Stay current on emerging technology and cybersecurity risks, threat trends, and evolving industry practices
• Contribute to the ongoing modernization of the Internal Audit function through adoption of improved tools, methodologies, and ways of working

Qualifications:

• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, Engineering, Business, Accounting, or a related field
• Minimum 2+ years of experience in cybersecurity audit, IT audit, or related disciplines within a public accounting firm, public company, or technology‑focused organization
• Experience supporting audits or assessments of modern technology environments, including IT general controls, cybersecurity controls, cloud platforms, or SaaS operations
• Professional certifications preferred: CISA, CISSP
• Other relevant certifications considered: CIA, CPA, CISM, CCSP, CRISC

Knowledge, Skills, and Abilities:

• Strong foundational understanding of internal control concepts and their application to technology and business processes
• Familiarity with industry frameworks such as NIST, ISO 27001, COBIT, SOC 2, and COSO
• Analytical mindset with the ability to ask insightful questions, challenge assumptions, and evaluate risk implications
• Demonstrated curiosity and willingness to continuously learn new technologies, platforms, and threat vectors
• Ability to connect technical risks to broader business, operational, and customer impact
• Strong documentation skills, with the ability to clearly articulate work performed and communicate complex topics effectively
• Ability to manage multiple priorities and deadlines in a dynamic, fast‑paced environment
• High level of integrity, professionalism, and sound judgment
• Comfort operating in environments where risks are evolving and controls may still be maturing

• Exposure to cloud environments such as AWS, Azure, or GCP
• Familiarity with secure software development practices, DevOps, or DevSecOps pipelines
• Prior experience auditing or assessing cybersecurity programs or security operations

Travel Requirements:

This role requires the ability to travel up to 25% of the time, including international travel

#LI-AC9

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice. 

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].