IT Auditor Lead

Dice is the leading career destination for tech experts at every stage of their careers. Our client, Dminds Solutions Inc., is seeking the following. Apply via Dice today!

IT Auditor Lead

Austin, TX-78741 (Hybrid)

Long term contract

• We are seeking a highly motivated and talented individual to join our cybersecurity team at the Texas Office of the Attorney General (TxOAG) as an IT Auditor.
• The IT Auditor is responsible for providing independent assurance over the organization’s information technology and cybersecurity control environment.
• The role supports risk management, regulatory compliance, and the overall effectiveness of cybersecurity governance.

• Plan, execute, and report on IT and cybersecurity audits to assess the effectiveness of security controls, risk management practices, and compliance with policies and regulations.
• Evaluate the design and operating effectiveness of cybersecurity controls across areas such as identity and access management, network security, endpoint protection, cloud security, and data protection.
• Conduct risk assessments and control testing aligned to recognized frameworks (e.g., NIST CSF, ISO 27001, CIS Controls, COBIT).
• Assess compliance with applicable regulatory and contractual requirements (e.g., SOX, PCI DSS, HIPAA, GDPR, SOC reports, internal policies).
• Review vulnerability management, incident response, disaster recovery, and business continuity processes to ensure preparedness and resilience.
• Collaborate closely with GRC and business stakeholders to understand systems, processes, and compliance.
• Identify control gaps, root causes, and risk implications, and develop clear, actionable audit findings and recommendations.
• Track and validate remediation efforts to ensure timely and effective resolution of audit issues.
• Support third‑party risk assessments, including reviews of vendor security controls and SOC reports.
• Stay current on evolving regulatory changes, and industry best practices to continuously enhance audit approaches.
• Contribute to the continuous improvement of audit methodologies, tools, and automation techniques.
• Prepare and present audit results to management and, when required, senior leadership or audit committees.

The above job description and requirements are general in nature and may be subject to change based on the specific needs and requirements of the organization and project.

• 8 years experience required:
  Plan, conduct, and document IT and cybersecurity audits in accordance with approved audit methodologies and professional standards.
• 8 years experience required:
  Evaluate the design and operating effectiveness of information security controls across systems, networks, applications, cloud environments, and data platforms.
• 8 years experience required:
  Assess cybersecurity risks and controls in alignment with recognized frameworks and standards.
• 8 years experience required:
  Perform testing to assess compliance with applicable laws, regulations, contractual obligations, and internal policies.
• 8 years experience required:
  Review and assess processes related to identity and access management, vulnerability management, incident response, disaster recovery, and business continuity.
• 8 years experience required:
  Identify control deficiencies, assess risk impact, and develop clear, well‑supported audit findings and recommendations.
• 8 years experience required:
  Prepare formal audit reports that communicate results, conclusions, and remediation requirements to management.
• 8 years experience required:
  Monitor, track, and validate management remediation plans to ensure timely and effective resolution of audit issues.
• 8 years experience required:
  Ability to resolve complex security issues in diverse and decentralized environments; to learn, communicate, and teach new information and security technologies; and to communicate effectively.
• 3 years experience required:
  Conduct forensic investigations on cyberattacks to determine how they occurred and how they can be prevented in the future.

• CISSP, PMP certifications.