Information Security Manager, Cyber Security Business Partner
PEXA
AWSAzureCloudCyber SecurityGoogle Cloud Platform
IT Auditor 2
Serigor Inc
contract
Posted on:
Location Type: Hybrid
Location: Austin • Texas • 🇺🇸 United States
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
AWSAzureCloudCyber Security
About the role
- Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations
- Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards
- Collect and analyze evidence such as security policies, system configurations, logs, and access records
- Conduct interviews with vendor personnel to assess security practices and governance
- Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards
- Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks
- Prepare audit reports summarizing findings, risks, and recommended corrective actions
- Track remediation efforts and validate closure of audit findings
- Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed
Requirements
- 5+ years of experience (Minimum Requirements)
- Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards
- Working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices
- Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response
- Experience drafting audit reports and presenting findings to executive and legal stakeholders
- Demonstrated analytical and investigative thinking to identify security gaps and assess risk impact
- Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments
- Skilled at reviewing and validating security documentation, procedures, and control implementation
- Preferred: Experience auditing AWS, Azure, or Google Cloud environments
- Preferred: Familiarity with incident response and breach assessment of vendors
- Preferred: Ability to interpret vendor contracts and SLA compliance
- Preferred: Government or regulated industry experience (auditing technology vendors serving courts)
- Preferred: Experience presenting technical findings to C-suite or legal counsel
- Preferred: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor)
- May require travel to interview vendor staff or clients as appropriate
ATS Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
auditing controlscybersecurity auditssecurity controls evaluationrisk assessmentscontrol testingdata protection lawsincident responsenetwork protectionidentity access managementendpoint security
Soft skills
analytical thinkinginvestigative thinkingcommunicationpresentation skillsstakeholder coordination
Certifications
CISACISSPCRISCISO 27001 Lead Auditor
