Job Description

Job Title: Information Security Auditor

Location: Onsite / Hybrid / Remote

Experience Required: 5 to 8 Years 

Employment Type: Full-time

About the Role


We are seeking an experienced Information Security Auditor to evaluate, assess, and strengthen organizational security controls across multiple compliance frameworks including NIST, ISO 27001:2022, SOC 2, CMMC, and PCI DSS. The candidate will lead risk assessments, audit engagements, security governance reviews, and continuous compliance initiatives, ensuring a robust security posture and regulatory adherence.


Key Responsibilities

  • Plan, execute, and report information security audits across multiple standards and regulatory frameworks.
  • Perform gap assessments, risk analysis, control testing, and compliance readiness reviews against:
      • ISO/IEC 27001:2022
      • NIST CSF / NIST 800-series
      • SOC 2 Type I & II
      • CMMC Levels
      • PCI DSS
  • Evaluate the effectiveness of security controls, governance processes, policies, and procedures.
  • Lead internal audits, vendor risk audits, and customer security assurance assessments.
  • Develop and maintain Information Security Management System (ISMS) compliance documentation.
  • Provide audit findings, remediation guidance, and improvement roadmaps to stakeholders.
  • Support certification audits with external assessors.
  • Drive continuous improvement initiatives aligned with risk management and compliance objectives.
  • Work closely with IT, Cybersecurity, Risk, Legal, and Leadership teams.
  • Maintain strong knowledge of evolving industry regulatory requirements and best practices.


Required Skills & Qualifications

  • Bachelor’s degree in Information Security, Computer Science, Engineering, Risk Management, or a related field.
  • Hands-on experience auditing and implementing:
      • ISO 27001:2022 controls & certification lifecycle
      • NIST cybersecurity frameworks
      • SOC 2 Trust Services Criteria
      • CMMC compliance
      • PCI DSS security controls and audits
  • Strong understanding of:
      • Risk Management Methodologies
      • IT General Controls (ITGC)
      • Governance, Risk & Compliance (GRC) tools
      • Cloud security controls (AWS/Azure/GCP preferred)
  • Excellent analytical, reporting, and communication skills.
  • Ability to conduct independent audits and present findings to senior leadership.


Certifications (Mandatory)

Must hold an active certification from ISACA (International Information Systems Audit and Control Association) such as:

  • CISA – Certified Information Systems Auditor (preferred)
  • Or CISM / CRISC / CGEIT with strong auditing exposure

Additional beneficial certifications:

  • ISO 27001 Lead Auditor / Implementer
  • PCI QSA (if applicable)
  • CISSP, CEH, or similar cybersecurity credentials


Key Attributes

  • Strong attention to detail
  • Ethical, confidential handling of sensitive information
  • Ability to work independently and collaboratively
  • Strong stakeholder management and leadership capability

