IT Auditor - Cybersecurity Compliance

Job DescriptionJob Description

Texas Only | | Closes 10/10
Loc: Hybrid On Site & Telework - USC/GC (no H1B)

I. DESCRIPTION OF SERVICES

Office of Court Administration requires the services of 1 IT Auditor 2, hereafter referred to as Candidate(s), who meets the general qualifications of IT Auditor 2, Security and the specifications outlined in this document for the Office of Court Administration.

• Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
• Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
• Collect and analyze evidence such as security policies, system configurations, logs, and access records.
• Conduct interviews with vendor personnel to assess security practices and governance.
• Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
• Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
• Prepare audit reports summarizing findings, risks, and recommended corrective actions.
• Track remediation efforts and validate closure of audit findings.
• Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

II. CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.YearsRequired/ PreferredExperience5RequiredCybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.5RequiredTechnical IT auditing: Strong ability to evaluate security controls such as network protection, access management, endpoint security, and incident response across modern IT environments.5RequiredCommunication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.5RequiredAnalytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.4RequiredThird-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.3RequiredPolicy and documenta