Senior Information Systems Auditor

🕒 June 9

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Picus Security

Picus Security

51 - 200 employees

🔒 Cybersecurity

💰 Corporate Round on 2022-05

Cybersecurity

Picus Security is a company that specializes in security validation and exposure management solutions. Their platform conducts breach and attack simulations, automated penetration testing, and adversarial exposure validation to optimize and measure the effectiveness of security controls for detection and prevention. Picus helps organizations enhance their cybersecurity posture by providing a comprehensive analysis of vulnerabilities through continuous threat exposure management. They also offer educational resources on security operations and advanced threat intelligence to help teams stay ahead of evolving threats.

📋 Description

• Lead and oversee global compliance programs (ISO/IEC 27001, 22301, 27701, 20000-1, SOC 2, NIST CSF, CSA STAR) to maintain continuous audit readiness • Plan and execute risk-based IT and internal audits, with a strong focus on secure SDLC, software engineering processes, cloud infrastructure, and AI security domains • Evaluate and enhance the effectiveness of security and governance controls, driving continuous improvement across policies and processes • Contribute to RFPs and security questionnaires with accurate and strategic security and compliance input • Manage audit and security vulnerability findings end-to-end, ensuring sustainable remediation and measurable control improvements • Actively support the Third-Party Risk Management (TPRM) program by participating in SaaS security assessments and vendor due diligence • Define and track key audit and compliance metrics, reporting insights to leadership and relevant stakeholders • Assess the risk and privacy impact of emerging technologies (AI, ML, and automation), guiding engineering teams on secure adoption practices.

🎯 Requirements

• 3+ years of hands-on experience in audit, compliance, risk management, or information security, preferably within a SaaS, cloud-native, or technology-driven environment • Hands-on experience with ISO/IEC standards (27001, 27701, 22301, 20000-1) and SOC 2, including preparation, audit coordination, and evidence management • Experience advising cross-functional stakeholders and influencing control improvements in dynamic technology environments • Practical knowledge of international security and privacy regulations (e.g., GDPR, CCPA) and related compliance practices • Experience supporting or managing Third-Party Risk Management (TPRM), vendor due diligence, and customer-facing compliance processes • Proven ability to manage multiple audits and compliance initiatives simultaneously in a fast-paced environment • Strong verbal and written communication skills in English, including documentation and policy writing.

🏖️ Benefits

• Unlimited opportunity • Global exposure • Equal opportunity employer • Candidates required to complete reference and identity checks

Apply Now