Vendor Cybersecurity Auditor #2945

About the position We are seeking a Vendor Cybersecurity Auditor to assess and ensure the security and compliance of our third-party vendors. In this role, you will evaluate cybersecurity controls, identify gaps, and ensure vendors meet their contractual obligations related to IT and security standards. This is a critical position that plays a key role in protecting organizational data and managing third-party risk — ideal for someone who thrives in detail-driven environments, values evidence-based analysis, and is confident in interfacing with both technical and legal stakeholders. Responsibilities • Review vendor contracts, SLAs, and cybersecurity-related requirements for compliance with contractual obligations. • Evaluate vendor security controls against contractual terms and recognized industry standards (e.g., NIST, ISO 27001, SOC 2, PCI-DSS). • Analyze documentation and technical evidence including system configurations, access logs, and security policies. • Conduct interviews with vendor personnel to assess their security practices and governance maturity. • Perform sampling and control testing of administrative and technical safeguards. • Identify control deficiencies and assess associated risks to the organization. • Draft clear, professional audit reports summarizing findings, risks, and recommended remediations. • Track remediation efforts and validate closure of findings. • Collaborate with internal teams to ensure vendor risks are appropriately managed and escalated. Requirements • 5+ years of experience auditing cybersecurity controls against NIST, ISO 27001, SOC 2, or PCI-DSS frameworks. • 5+ years of technical IT auditing experience, including assessment of network security, identity access management, endpoint protection, and incident response. • Strong experience creating audit documentation and presenting findings to executives, legal, and technical teams. • Demonstrated investigative and analytical skills in identifying risk and security gaps. • 4+ years of experience in third-party/vendor cybersecurity risk assessments and audits. • 3+ years reviewing security policies and documentation for completeness and accuracy. • Experience auditing cloud-hosted environments (AWS, Azure, or GCP) and understanding of shared responsibility models • Familiarity with vendor incident response plans and breach assessments. • Ability to interpret contracts and ensure alignment with SLAs and cybersecurity requirements. • Experience auditing vendors in a government or regulated industry (e.g., courts, justice systems). • Proven ability to present complex findings to executive or legal audiences. • At least one relevant certification: CISA, CISSP, CRISC, or ISO 27001 Lead Auditor. Benefits • Contribute to an organization committed to data protection and vendor governance. • Work in a supportive and collaborative environment with high visibility. • Be part of a forward-looking cybersecurity team that values transparency and accountability. • Opportunities for professional growth and continued learning. Apply tot his job Apply To this Job