Information Security Auditor
Location:
Onsite / Hybrid / Remote
Experience Required:
5 to 8 Years
Employment Type:
Full-time
About the Role
We are seeking an experienced Information Security Auditor to evaluate, assess, and strengthen organizational security controls across multiple compliance frameworks, including NIST, ISO 27001:2022, SOC 2, CMMC, and PCI DSS. The candidate will lead risk assessments, audit engagements, security governance reviews, and continuous compliance initiatives, ensuring a robust security posture and regulatory adherence.
Key Responsibilities
Plan, execute, and report information security audits across multiple standards and regulatory frameworks.
Perform gap assessments, risk analysis, control testing, and compliance readiness reviews against:
ISO/IEC 27001:2022
NIST CSF / NIST 800-series
SOC 2 Type I & II
CMMC Levels
PCI DSS
Evaluate effectiveness of security controls, governance processes, policies, and procedures.
Lead internal audits, vendor risk audits, and customer security assurance assessments.
Develop and maintain Information Security Management System (ISMS) compliance documentation.
Provide audit findings, remediation guidance, and improvement roadmaps to stakeholders.
Support certification audits with external assessors.
Drive continuous improvement initiatives aligned with risk management and compliance objectives.
Work closely with IT, Cybersecurity, Risk, Legal, and Leadership teams.
Maintain strong knowledge of evolving industry regulatory requirements and best practices.
Required Skills & Qualifications
Bachelor’s degree in Information Security, Computer Science, Engineering, Risk Management, or a related field.
Hands-on experience auditing and implementing:
ISO 27001:2022 controls & certification lifecycle
NIST cybersecurity frameworks
SOC 2 Trust Services Criteria
CMMC compliance
PCI DSS security controls and audits
Strong understanding of:
Risk Management Methodologies
IT General Controls (ITGC)
Governance, Risk & Compliance (GRC) tools
Cloud security controls (AWS/Azure/GCP preferred)
Excellent analytical, reporting, and communication skills.
Ability to conduct independent audits and present findings to senior leadership.
Certifications (Mandatory)
Must hold an active certification from ISACA (International Information Systems Audit and Control Association) such as:
CISA – Certified Information Systems Auditor (preferred)
Or CISM / CRISC / CGEIT with strong auditing exposure
Additional beneficial certifications:
ISO 27001 Lead Auditor / Implementer
PCI QSA (if applicable)
CISSP, CEH, or similar cybersecurity credentials
Key Attributes
Strong attention to detail
Ethical, confidential handling of sensitive information
Ability to work independently and collaboratively
Strong stakeholder management and leadership capability