The Role
Job Title: IT Auditor 2 (Hybrid)
Location: Austin, TX
Duration: 12 Months
Responsibilities:
Candidate Skills and Qualifications:
Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.YearsRequired/PreferredExperience5RequiredCybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.5RequiredTechnical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.5RequiredCommunication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.5RequiredAnalytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.4RequiredThird-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.3RequiredPolicy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.3PreferredCloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.3PreferredIncident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.3PreferredContract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.2PreferredGovernment or regulated industry experience: Background in auditing technology vendors serving courts.2PreferredPresentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.1PreferredCertifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).
Other Special Requirements:
Location: Austin, TX
Duration: 12 Months
Responsibilities:
- Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
- Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
- Collect and analyze evidence such as security policies, system configurations, logs, and access records.
- Conduct interviews with vendor personnel to assess security practices and governance.
- Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
- Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
- Prepare audit reports summarizing findings, risks, and recommended corrective actions.
- Track remediation efforts and validate closure of audit findings.
- Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.
Candidate Skills and Qualifications:
Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.YearsRequired/PreferredExperience5RequiredCybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.5RequiredTechnical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.5RequiredCommunication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.5RequiredAnalytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.4RequiredThird-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.3RequiredPolicy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.3PreferredCloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.3PreferredIncident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.3PreferredContract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.2PreferredGovernment or regulated industry experience: Background in auditing technology vendors serving courts.2PreferredPresentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.1PreferredCertifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).
Other Special Requirements:
- May require travel to interview vendor staff as appropriate.
- May require travel to interview other clients as appropriate.
Similar Jobs
.png)
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Serigor provides IT Services and IT staffing to Government and Commercial enterprises of all sizes. Serigor has twelve years of proven track record in IT Services, Government Solutions, and Staffing Solutions.
● MBE/WBE/WBENC/WOSB company, headquartered in Baltimore, MD.
● Multiple, multi-year contracts with Government Agencies at State, County, City, and Federal.
● Commercial clients include Fortune 1000 and Start-Ups all over the US.
● Onshore and offshore IT delivery centers.
● IT solutions encompass contracts that are Fixed Price, T&M, Product Development in all technologies.
● Workforce and staffing solutions encompass contract, contract-to-hire, permanent placement and statement of work job assignments.
