Tech Stack
AWS, Azure, Cloud, Cyber Security, Google Cloud Platform
About the role
- Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance
- Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards
- Collect and analyze evidence such as security policies, system configurations, logs, and access records
- Conduct interviews with vendor personnel to assess security practices and governance
- Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards
- Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks
- Prepare audit reports summarizing findings, risks, and recommended corrective actions
- Track remediation efforts and validate closure of audit findings
- Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed
- Present findings to executives and legal teams and engage vendors for remediation
Requirements
- 5 years of experience required in evaluating vendor cybersecurity controls, contractual compliance, and third-party risk management
- Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards
- 5 years of experience in technical IT auditing (network protection, identity access management, endpoint security, incident response)
- 5 years of experience in communication and reporting (drafting audit reports, presenting to executives and legal stakeholders)
- 5 years of experience in analytical and investigative thinking
- 4 years of experience in third-party/vendor risk auditing (due diligence, contract compliance, risk assessments)
- 3 years of experience in policy and documentation review
- 3 years preferred in cloud cybersecurity auditing (AWS, Azure, GCP)
- 3 years preferred in incident response and breach assessment
- 3 years preferred in contract interpretation and SLA compliance
- 2 years preferred in government or regulated industry experience (auditing vendors serving courts)
- 2 years preferred in presentation to executives
- 1 year preferred in relevant certifications (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor)
- Hands-on experience with cloud security audits (AWS, Azure, GCP)
- Advanced training to be successful and professional development opportunities
ATS Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
vendor cybersecurity controls, contractual compliance, third-party risk management, auditing controls, NIST, ISO 27001, PCI-DSS, SOC 2, technical IT auditing, cloud cybersecurity auditing
Soft skills
analytical thinking, investigative thinking, communication, reporting, presentation skills, coordination, interpersonal skills, governance assessment, risk assessment, remediation tracking
Certifications
CISA, CISSP, CRISC, ISO 27001 Lead Auditor