Picus Security

Senior Information Systems Auditor

full-time

Location Type: Remote

Location: Turkey

About the role

  • Lead and oversee global compliance programs (ISO/IEC 27001, 22301, 27701, 20000-1, SOC 2, NIST CSF, CSA STAR) to maintain continuous audit readiness
  • Plan and execute risk-based IT and internal audits, with a strong focus on secure SDLC, software engineering processes, cloud infrastructure, and AI security domains
  • Evaluate and enhance the effectiveness of security and governance controls, driving continuous improvement across policies and processes
  • Contribute to RFPs and security questionnaires with accurate and strategic security and compliance input
  • Manage audit and security vulnerability findings end-to-end, ensuring sustainable remediation and measurable control improvements
  • Actively support the Third-Party Risk Management (TPRM) program by participating in SaaS security assessments and vendor due diligence
  • Define and track key audit and compliance metrics, reporting insights to leadership and relevant stakeholders
  • Assess the risk and privacy impact of emerging technologies (AI, ML, and automation), guiding engineering teams on secure adoption practices.

Requirements

  • 3+ years of hands-on experience in audit, compliance, risk management, or information security, preferably within a SaaS, cloud-native, or technology-driven environment
  • Hands-on experience with ISO/IEC standards (27001, 27701, 22301, 20000-1) and SOC 2, including preparation, audit coordination, and evidence management
  • Experience advising cross-functional stakeholders and influencing control improvements in dynamic technology environments
  • Practical knowledge of international security and privacy regulations (e.g., GDPR, CCPA) and related compliance practices
  • Experience supporting or managing Third-Party Risk Management (TPRM), vendor due diligence, and customer-facing compliance processes
  • Proven ability to manage multiple audits and compliance initiatives simultaneously in a fast-paced environment
  • Strong verbal and written communication skills in English, including documentation and policy writing.
  • ISO 27001, 22301, 27701, 20000-1 LA (Preferred Certification)
  • ISACA certifications such as CISA, CISM, or CRISC (Preferred Certification)
  • Experience with SOC 2, NIST, CSA STAR reporting frameworks (Preferred Certification)
  • ITIL certification (nice-to-have)

Benefits

  • Unlimited opportunity
  • Global exposure
  • Equal opportunity employer