Job Title : Information Security Auditor


Company : Asteya Technologies


Location : Alappuzha, Kerala


Created : 2026-01-20


Job Type : Full Time


Job Description

Job Title: Information Security Auditor
Location: Onsite / Hybrid / Remote
Experience Required: 5 to 8 Years
Employment Type: Full-time

About the Role

We are seeking an experienced Information Security Auditor to evaluate, assess, and strengthen organizational security controls across multiple compliance frameworks including NIST, ISO 27001:2022, SOC 2, CMMC, and PCI DSS. The candidate will lead risk assessments, audit engagements, security governance reviews, and continuous compliance initiatives, ensuring robust security posture and regulatory adherence.

Key Responsibilities

- Plan, execute, and report information security audits across multiple standards and regulatory frameworks.
- Perform gap assessments, risk analysis, control testing, and compliance readiness reviews against:
  - ISO/IEC 27001:2022
  - NIST CSF / NIST 800-series
  - SOC 2 Type I & II
  - CMMC Levels
  - PCI DSS
- Evaluate effectiveness of security controls, governance processes, policies, and procedures.
- Lead internal audits, vendor risk audits, and customer security assurance assessments.
- Develop and maintain Information Security Management System (ISMS) compliance documentation.
- Provide audit findings, remediation guidance, and improvement roadmaps to stakeholders.
- Support certification audits with external assessors.
- Drive continuous improvement initiatives aligned with risk management and compliance objectives.
- Work closely with IT, Cybersecurity, Risk, Legal, and Leadership teams.
- Maintain strong knowledge of evolving industry regulatory requirements and best practices.

Required Skills & Qualifications

- Bachelor’s degree in Information Security, Computer Science, Engineering, Risk Management, or related field.
- Hands-on experience auditing and implementing:
  - ISO 27001:2022 controls & certification lifecycle
  - NIST cybersecurity frameworks
  - SOC 2 Trust Services Criteria
  - CMMC compliance
  - PCI DSS security controls and audits
- Strong understanding of:
  - Risk Management Methodologies
  - IT General Controls (ITGC)
  - Governance, Risk & Compliance (GRC) tools
  - Cloud security controls (AWS/Azure/GCP preferred)
- Excellent analytical, reporting, and communication skills.
- Ability to conduct independent audits and present findings to senior leadership.

Certifications (Mandatory)

Must hold an active certification from ISACA (International Information Systems Audit and Control Association) such as:
- CISA – Certified Information Systems Auditor (preferred)
- Or CISM / CRISC / CGEIT with strong auditing exposure

Additional beneficial certifications:
- ISO 27001 Lead Auditor / Implementer
- PCI QSA (if applicable)
- CISSP, CEH, or similar cybersecurity credentials

Key Attributes

- Strong attention to detail
- Ethical, confidential handling of sensitive information
- Ability to work independently and collaboratively
- Strong stakeholder management and leadership capability