Information Security Auditor

Job Title:Information Security Auditor

Location:Onsite / Hybrid / Remote

Experience Required: 5 to 8 Years

Employment Type:Full-time

About the Role

We are seeking an experiencedInformation Security Auditor to evaluate, assess, and strengthen organizational security controls across multiple compliance frameworks includingNIST, ISO 27001:2022, SOC 2, CMMC, and PCI DSS . The candidate will lead risk assessments, audit engagements, security governance reviews, and continuous compliance initiatives, ensuring robust security posture and regulatory adherence.

Key Responsibilities

• Plan, execute, and reportinformation security audits across multiple standards and regulatory frameworks.
• Performgap assessments , risk analysis, control testing, and compliance readiness reviews against:
• ISO/IEC 27001:2022
• NIST CSF / NIST 800-series
• SOC 2 Type I & II
• CMMC Levels
• PCI DSS
• Evaluate effectiveness of security controls, governance processes, policies, and procedures.
• Leadinternal audits , vendor risk audits, and customer security assurance assessments.
• Develop and maintainInformation Security Management System (ISMS) compliance documentation.
• Provideaudit findings , remediation guidance, and improvement roadmaps to stakeholders.
• Supportcertification audits with external assessors.
• Drive continuous improvement initiatives aligned withrisk management and compliance objectives .
• Work closely with IT, Cybersecurity, Risk, Legal, and Leadership teams.
• Maintain strong knowledge of evolving industry regulatory requirements and best practices.

Required Skills & Qualifications

• Bachelors degree in Information Security, Computer Science, Engineering, Risk Management, or related field.
• Hands-on experience auditing and implementing :
• ISO 27001:2022 controls & certification lifecycle
• NIST cybersecurity frameworks
• SOC 2 Trust Services Criteria
• CMMC compliance
• PCI DSS security controls and audits
• Strong understanding of:
• Risk Management Methodologies
• IT General Controls (ITGC)
• Governance, Risk & Compliance (GRC) tools
• Cloud security controls (AWS/Azure/GCP preferred)
• Excellent analytical, reporting, and communication skills.
• Ability to conduct independent audits and present findings to senior leadership.

Certifications (Mandatory)

Must holdan active certification from ISACA (International Information Systems Audit and Control Association) such as:

• CISA Certified Information Systems Auditor (preferred)
• OrCISM / CRISC / CGEIT with strong auditing exposure

Additional beneficial certifications:

• ISO 27001 Lead Auditor / Implementer
• PCI QSA (if applicable)
• CISSP, CEH, or similar cybersecurity credentials

Key Attributes

• Strong attention to detail
• Ethical, confidential handling of sensitive information
• Ability to work independently and collaboratively
• Strong stakeholder management and leadership capability