Vendor Cybersecurity Auditor

Skills:

auditing cybersecurity frameworks and compliance (NIST, ISO 27001, PCI-DSS, SOC 2), IT auditing, drafting audit reports, presenting findings,identify gaps, assess risks, and recommend solutions.

Position Overview

We are seeking an experienced Vendor Cybersecurity Auditor to evaluate third-party vendors against contractual, regulatory, and industry cybersecurity requirements. This role involves reviewing vendor contracts, conducting technical audits, analyzing evidence, and ensuring compliance with established frameworks such as NIST, ISO 27001, PCI-DSS, and SOC 2. The ideal candidate will have strong IT auditing expertise, excellent communication skills, and proven experience in vendor risk management and compliance.

Key Responsibilities

• Review vendor contracts, SLAs, and cybersecurity requirements to confirm compliance with contractual obligations.

• Evaluate the design and implementation of vendor cybersecurity controls against contractual, regulatory, and industry standards.

• Collect and analyze evidence such as security policies, system configurations, logs, and access records.

• Conduct interviews with vendor personnel to assess security practices and governance.

• Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.

• Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.

• Prepare detailed audit reports summarizing findings, risks, and recommended corrective actions.

• Track remediation efforts and validate closure of audit findings.

• Coordinate with internal stakeholders to ensure vendor risks are effectively communicated and addressed.

Minimum Qualifications

• 5+ years of experience auditing cybersecurity frameworks and compliance (NIST, ISO 27001, PCI-DSS, SOC 2).

• 5+ years of experience in IT auditing, including evaluation of controls such as network protection, identity access management, endpoint security, and incident response.

• 5+ years of experience drafting audit reports, presenting findings, and engaging with executive and legal stakeholders.

• 5+ years of experience applying analytical and investigative thinking to identify gaps, assess risks, and recommend solutions.

• 4+ years of experience conducting third-party/vendor risk audits (due diligence, compliance, risk assessments).

• 3+ years of experience reviewing and validating security documentation and procedures.

Preferred Qualifications

• 3+ years of experience auditing cloud environments (AWS, Azure, GCP) and understanding shared responsibility models.

• 3+ years of experience assessing incident response plans, breach remediation, and resilience practices.

• 3+ years of experience interpreting contracts and SLAs related to IT and cybersecurity obligations.

• 2+ years of experience auditing vendors in government or regulated industries (courts, finance, healthcare).

• 2+ years of experience presenting audit findings to executives and non-technical stakeholders.

• 1+ certification in cybersecurity or auditing (e.g., CISA, CISSP, CRISC, ISO 27001 Lead Auditor).

Key Skills

• Vendor risk management and compliance auditing

• Cybersecurity frameworks (NIST, ISO 27001, PCI-DSS, SOC 2)

• Technical IT control assessments

• Policy and documentation review

• Strong communication and executive presentation skills

• Analytical and investigative problem-solving