The Role
The Senior IS Auditor will lead compliance programs, execute audits in IT, and enhance security governance while advising teams on secure practices.
Summary Generated by Built In
Are you passionate about technology and enjoy explaining complex solutions in a way that everybody gets excited? If so, read on!
About Picus
Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing, and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort.
The Picus Security Validation Platform easily reaches across on-prem environments, hybrid clouds and endpoints coupled with Numi AI to provide exposure validation.
The pioneer of Breach and Attack Simulation, Picus delivers award-winning threat-centric technology that allows teams to pinpoint fixes worth pursuing, offering a 98% recommendation in Gartner Peer Review.
About The Role
We are seeking a Senior IS Auditor to join our fast-growing cybersecurity company and strengthen our governance, risk, and compliance capabilities at scale. This role plays a critical part in maintaining global certification readiness, enhancing control maturity, and embedding a proactive security and privacy mindset across the organization. Beyond audit execution, you will act as a strategic advisor to business and technology teams, shaping scalable and risk-aware processes in a cloud-native and AI-driven environment. You will contribute to the continuous evolution of our governance framework, ensuring alignment with international standards while enabling innovation and sustainable growth. This position directly supports regulatory confidence and reinforces the trust our global customers place in Picus.
Picus is headquartered in Ankara, with a regional office in Istanbul, but our team is remote across Türkiye. Please note that all CVs must be submitted in English.
What You'll Do
- Lead and oversee global compliance programs (ISO/IEC 27001, 22301, 27701, 20000-1, SOC 2, NIST CSF, CSA STAR) to maintain continuous audit readiness
- Plan and execute risk-based IT and internal audits, with a strong focus on secure SDLC, software engineering processes, cloud infrastructure, and AI security domains
- Evaluate and enhance the effectiveness of security and governance controls, driving continuous improvement across policies and processes
- Contribute to RFPs and security questionnaires with accurate and strategic security and compliance input
- Manage audit and security vulnerability findings end-to-end, ensuring sustainable remediation and measurable control improvements
- Actively support the Third-Party Risk Management (TPRM) program by participating in SaaS security assessments and vendor due diligence
- Define and track key audit and compliance metrics, reporting insights to leadership and relevant stakeholders
- Assess the risk and privacy impact of emerging technologies (AI, ML, and automation), guiding engineering teams on secure adoption practices.
What You Have
- 3+ years of hands-on experience in audit, compliance, risk management, or information security, preferably within a SaaS, cloud-native, or technology-driven environment
- Hands-on experience with ISO/IEC standards (27001, 27701, 22301, 20000-1) and SOC 2, including preparation, audit coordination, and evidence management
- Experience advising cross-functional stakeholders and influencing control improvements in dynamic technology environments
- Practical knowledge of international security and privacy regulations (e.g., GDPR, CCPA) and related compliance practices
- Experience supporting or managing Third-Party Risk Management (TPRM), vendor due diligence, and customer-facing compliance processes
- Proven ability to manage multiple audits and compliance initiatives simultaneously in a fast-paced environment
- Strong verbal and written communication skills in English, including documentation and policy writing.
- ISO 27001, 22301, 27701, 20000-1 LA
- ISACA certifications such as CISA, CISM, or CRISC
- Experience with SOC 2, NIST, CSA STAR reporting frameworks
- ITIL certification (nice-to-have)
Preferred Certifications:
Working at Picus
Fascinating work - a chance to shape and lead an exciting, fast-growing cyber security segment. Security Validation is a concept that helps organizations evaluate their security posture in a continuous, automated, and repeatable way. This approach allows for the identification of imminent threats, provides recommended actions, and produces valuable metrics about cyber-risk levels.
Unlimited opportunity! We are growing. At Picus, you'll be provided with as much responsibility as you can handle - new career development opportunities constantly arise given our rate of growth.
Global exposure - Get a lot of experience working not only in a fast-growing startup but also interact with customers all around the world.
Be part of a global remote team who is taking on Exposure Validation and a growing market segment.
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to age, sex, race, color, national origin, religious belief, gender or gender reassignment, sexual orientation, marriage or civil partnership, pregnancy and maternity, disability, protected veteran status, or any other characteristic protected by International law. Upon conditional offer of employment, candidates are required to complete reference and identity checks in line with local labor laws and as per the Company’s employment policy.
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Control Validation Platform is trusted by leading organizations worldwide to continuously validate the effectiveness of security controls against cyber-attacks and supply actionable mitigation insights to optimize them. Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. The company is dedicated to helping security professionals become more threat-centric and via its Purple Academy offers free online training to share the latest offensive and defensive cybersecurity strategies. Find more here: https://www.picussecurity.com/
