IT Auditor II

Job Description

Job Description

Company Description

RESPEC seeks an experienced Project Manager/Senior Project Manager to primarily support our Denver, CO location. The position may be based in one of our offices located in Colorado Springs, Denver, Grand Junction, or Loveland.

Big challenges need bold thinkers.

If you’re someone who sees problems as opportunities, you’ll thrive here. RESPEC is 100% employee-owned , which means we take ownership of every challenge. Here, your ideas drive real solutions. Since 1969, we’ve tackled complex challenges in energy transition, infrastructure resilience, digital transformation, and sustainability.

At RESPEC, you’ll work alongside clients to take on critical problems . Depending on your expertise, you might design infrastructure in remote locations, develop renewable energy solutions for global projects, or apply data-driven technology to improve mining and water systems.

We bring deep technical knowledge, real-world experience, and a commitment to work that matters. If you're looking for a place where your contributions have real impact, you’ll fit right in.

We do not accept unsolicited resumes from third-party recruiters.

RESPEC’s Data & Technology Solutions (DTS) team is seeking an experienced IT Auditor II to support the Office of Court Administration in evaluating vendor cybersecurity controls, ensuring compliance with contractual and regulatory standards, and mitigating third-party risk.

This role is ideal for professionals passionate about information security, vendor governance, and public-sector IT compliance , bringing both technical and analytical acumen to one of the most critical state-level initiatives in Texas.

Responsibilities:

• Review vendor contracts, SLAs, and cybersecurity clauses for compliance and alignment with Texas state standards.
• Audit vendor environments and assess cybersecurity controls against NIST, ISO 27001, PCI-DSS, and SOC 2 frameworks.
• Collect and analyze technical evidence—such as configurations, access logs, and security policies—to validate control effectiveness.
• Conduct interviews with vendor personnel to evaluate governance and operational practices.
• Identify control gaps, assess risk exposure, and recommend corrective actions.
• Prepare concise, professional audit reports and risk summaries for executive stakeholders.
• Track and validate remediation activities and closure of audit findings.
• Collaborate with internal OCA staff and RESPEC project leadership to ensure vendor risks are communicated and addressed.

Qualifications:

• 5+ years auditing cybersecurity frameworks (NIST, ISO 27001, PCI-DSS, SOC 2).
• 5+ years technical IT auditing across network, IAM, endpoint, and incident response systems.
• 5+ years drafting audit reports and presenting findings to executive, legal, or compliance audiences.
• 5+ years analytical and investigative experience identifying and remediating IT control gaps.
• 4+ years vendor or third-party risk auditing experience.
• 3+ years reviewing policy and documentation accuracy and completeness.

Nice to Have:

• Cloud cybersecurity auditing (AWS, Azure, Google Cloud).
• Experience in incident response or breach assessment.
• Ability to interpret technical and legal contract language (SLAs, security clauses).
• Background in government or regulated industries.
• Strong communication skills for executive-level presentations.
• Certifications: CISA, CISSP, CRISC, or ISO 27001 Lead Auditor.

All your information will be kept confidential according to EEO guidelines.

All your information will be kept confidential according to EEO guidelines.