Information Security Auditor

Information Security Auditor

Full-Time | Salary

A long-established nonprofit organization supporting secure information exchange for public safety and justice stakeholders across North America is seeking an experienced Information Security Auditor. The organization operates large-scale secure messaging and data-sharing services for governmental and industry partners and continues to expand into new sectors.

The Information Security Auditor plays a critical role in supporting secure information-sharing operations by evaluating customer environments against organizational and regulatory security requirements. This position collaborates with internal teams and external partners to identify risk, assess compliance, and strengthen overall security posture. The ideal candidate is motivated by applying technical expertise to support public safety missions.

• Plan and conduct remote and onsite security audits of partner networks, including review of architecture, perimeter defenses, endpoint protection, administrative procedures, and security controls
• Evaluate customer policies and procedures for alignment with organizational and regulatory security requirements
• Guide new partners through technical security assessment processes
• Analyze documentation such as data-flow diagrams, network diagrams, and questionnaire responses in preparation for audits
• Execute and document audits across diverse computing platforms and application environments
• Collaborate with internal stakeholders to support compliance initiatives and risk management efforts
• Interpret audit evidence, communicate findings, and provide remediation guidance to partners
• Review audit results with internal security teams and track remediation to closure
• Support ongoing security awareness and personnel compliance programs for internal staff and partners
• Produce post-audit reports and compliance documentation for management and customers

• Ability to obtain and maintain a federal background clearance
• Strong written and verbal communication skills with professional presentation ability
• Bachelor’s degree in information security or related field, or equivalent experience
• Industry security certification (e.g., network or security-focused credential) required
• Minimum 3 years hands‑on experience with one or more operating systems (e.g., Windows Server, Linux, UNIX)
• Minimum 3 years practical experience in TCP/IP networking
• Broad knowledge of information systems and security practices, including governance, system development, operations, access control, physical/environmental safeguards, and disaster recovery
• Experience performing security testing of network infrastructure and web applications using manual and automated techniques
• Understanding of system and network security architecture (e.g., firewalls, routers, operating systems, wireless, databases, security appliances, and policies)
• Familiarity with enterprise database platforms (e.g., SQL-based systems)
• Exposure to common programming or scripting languages
• Knowledge of industry standards and best practices

• Team‑oriented and mission‑driven work environment
• Comprehensive employer‑paid benefits for employees and eligible dependents
• Flexible and casual workplace culture
• Employer‑provided parking
• Team and family‑inclusive events