Job Description
Job Title: Information Security Auditor
Location: Onsite / Hybrid / Remote
Experience Required: 5 to 8 Years
Employment Type: Full-time
About the Role
We are seeking an experienced Information Security Auditor to evaluate, assess, and strengthen organizational security controls across multiple compliance frameworks including NIST, ISO 27001:2022, SOC 2, CMMC, and PCI DSS. The candidate will lead risk assessments, audit engagements, security governance reviews, and continuous compliance initiatives, ensuring robust security posture and regulatory adherence.
Key Responsibilities
Plan, execute, and report information security audits across multiple standards and regulatory frameworks.
Perform gap assessments, risk analysis, control testing, and compliance readiness reviews against:
ISO/IEC 27001:2022
NIST CSF / NIST 800-series
SOC 2 Type I & II
CMMC Levels
PCI DSS
Evaluate effectiveness of security controls, governance processes, policies, and procedures.
Lead internal audits, vendor risk audits, and customer security assurance assessments.
Develop and maintain Information Security Management System (ISMS) compliance documentation.
Provide audit findings, remediation guidance, and improvement roadmaps to stakeholders.
Support certification audits with external assessors.
Drive continuous improvement initiatives aligned with risk management and compliance objectives.
Work closely with IT, Cybersecurity, Risk, Legal, and Leadership teams.
Maintain strong knowledge of evolving industry regulatory requirements and best practices.
Required Skills & Qualifications
Bachelor’s degree in Information Security, Computer Science, Engineering, Risk Management, or related field.
Hands-on experience auditing and implementing:
ISO 27001:2022 controls & certification lifecycle
NIST cybersecurity frameworks
SOC 2 Trust Services Criteria
CMMC compliance
PCI DSS security controls and audits
Strong understanding of:
Risk Management Methodologies
IT General Controls (ITGC)
Governance, Risk & Compliance (GRC) tools
Cloud security controls (AWS/Azure/GCP preferred)
Excellent analytical, reporting, and communication skills.
Ability to conduct independent audits and present findings to senior leadership.
Certifications (Mandatory)
Must hold an active certification from ISACA (Information Systems Audit and Control Association) such as:
CISA – Certified Information Systems Auditor (preferred)
Or CISM / CRISC / CGEIT with strong auditing exposure
Additional beneficial certifications:
ISO 27001 Lead Auditor / Implementer
PCI QSA (if applicable)
CISSP, CEH, or similar cybersecurity credentials
Key Attributes
Strong attention to detail
Ethical, confidential handling of sensitive information
Ability to work independently and collaboratively
Strong stakeholder management and leadership capability