IT Auditor II

Job Title - IT Auditor II

Work Location- Austin, Tx

Work Timings- 8 AM - 5 PM CST

Position Summary:
We are seeking a highly skilled Experienced IT Auditor with 5+ years of expertise in evaluating vendor cybersecurity controls, contractual compliance, and third-party risk management. Skilled in auditing against NIST, ISO 27001, PCI-DSS, and SOC 2 frameworks, with proven ability to assess security controls across networks, IAM, endpoint security, and incident response. Adept at reviewing vendor contracts, SLAs, and policies, conducting evidence-based audits, and preparing clear, executive-level reports with actionable recommendations. Demonstrated success in identifying compliance gaps, mitigating risks, and ensuring remediation closure. Strong communicator with experience engaging vendors, coordinating with internal stakeholders, and presenting findings to executives and legal teams. Holds hands-on experience with cloud security audits (AWS, Azure, GCP) and preferred certifications such as CISA, CISSP, or ISO 27001 Lead Auditor.

PRINCIPAL DUTIES AND RESPONSIBILITIES (May perform any or all of the following)

• Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
• Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
• Collect and analyze evidence such as security policies, system configurations, logs, and access records.
• Conduct interviews with vendor personnel to assess security practices and governance.
• Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
• Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
• Prepare audit reports summarizing findings, risks, and recommended corrective actions.
• Track remediation efforts and validate closure of audit findings.
• Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.Required Qualifications:
• 5 years of experience required in Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.
• 5 years of experience required in Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.
• 5 years of experience required in Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.
• 5 years of experience required in Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.
• 4 years of experience required in Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.
• 3 years of experience required in Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.
• 3 years of experience preferred in Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility model
• 3 years of experience preferred in Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.
• 3 years of experience preferred in Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.
• 2 years of experience preferred in Government or regulated industry experience: Background in auditing technology vendors serving courts.
• 2 years of experience preferred in Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.
• 1 years of experience preferred in Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).ABOUT ISHIRISHIR is a digital innovation and enterprise AI services provider. We work with startups and enterprises to shape the future through accelerated innovation, deep technical expertise, access to global digital talent and a passion for complex problem-solving. With our help, our clients overcome their most difficult digital challenges leveraging AI.We are not just consultants, we are partners in our clients’ success, assisting them with re(gaining) competitive edge by identifying opportunities for differentiation, industry disruption, scalable innovation, and go-to-market strategies that deliver successful outcomes.At ISHIR, we help bold businesses accelerate innovation through Talent, Speed-to-Market, and AI. We help make an impact by solving real problems using innovation, improved customer experiences and the right technologies.As an ISHIR employee, you will get the advanced training you need to be successful, and the opportunity to apply it. You must be passionate about technology, crave responsibility, and be eager to apply your knowledge to real business solutions for our startup and enterprise customers. These are the qualities of a person destined for success at ISHIR.ISHIR attracts a special type of individual—someone who is proactive, thrives on challenges, feeds off success, and looks at moving targets not as obstacles but as opportunities. ISHIR is an exciting place to work. It is imbued with an entrepreneurial spirit and promotes self-reliance, open communication, and collaboration.