The IT Auditor II will coordinate with cybersecurity and IT risk management team in assessing and ensuring compliance with contractual obligations, industry standards, and best practices for vendor cybersecurity and IT contracts. This position involves evaluating vendor controls, documenting findings, and collaborating with internal stakeholders to mitigate potential risks.

This position performs all duties and responsibilities in accordance with the Mission, Vision, and Core Values of Cayuse.

• Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.
• Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
• Collect and analyze evidence such as security policies, system configurations, logs, and access records.
• Conduct interviews with vendor personnel to assess security practices and governance.
• Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
• Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
• Prepare audit reports summarizing findings, risks, and recommended corrective actions.
• Track remediation efforts and validate closure of audit findings.
• Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.
• Other duties as assigned.

Here’s What You Need

• 5 Required Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.
• 5 Required Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.
• 5 Required Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.
• 5 Required Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.
• 4 Required Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.
• 3 Required Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.
• Must be able to pass a background check. May require additional background checks as required by projects and/or clients at any time during employment.

Minimum Skills:

• Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
• Exceptional verbal and written communication skills.
• Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.
• Proven ability to multitask and prioritize in a fast past environment with changing priorities; adaptable to change and a quick learner.
• Must be self-motivated and able to work well independently as well as on a multi-functional team.
• Ability to handle sensitive and confidential information appropriately
• Proficient in MS Office, Word, Outlook, PowerPoint, and Excel.

Desired Qualifications:

• 3 Preferred Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.
• 3 Preferred Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.
• 2 Preferred Government or regulated industry experience: Background in auditing technology vendors serving courts.
• 2 Preferred Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.
• 1 Preferred Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).

Our Commitment to you / overview of benefits

• Medical, Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability options
• Basic Life and AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off

Reports to: Program Manager

Working Conditions

• Professional office environment.
• Ability to work onsite in Austin, TX.
• Must be physically and mentally able to perform duties extended periods of time.
• Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position.
• Must be able to establish a productive and professional workspace.
• Must be able to sit for long periods of time looking at computer screen.

• May be asked to work a flexible schedule which may include holidays.
• May be asked to travel for business or professional development purposes.
• May be asked to work hours outside of normal business hours.

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

Cayuse is an Equal Opportunity Employer.  All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.