IT Auditor II / Cybersecurity Auditor - Austin, TX - Hybrid - On Site and Telework - For State of Texas

Cynosure Technologies LLC
7 months ago
Austin, Texas, United States
Hybrid
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

The State of Texas Office of Court Administration is seeking an IT Auditor II for its office located at 205 W 14th Street, Austin, TX 78701. This role operates in a Hybrid work environment combining On Site presence and Telework arrangements. Please note that any travel, per diem, parking, and/or living expenses will be the Candidate's and/or Vendor's expense.

Key Responsibilities

  • Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance.
  • Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
  • Collect and analyze evidence such as security policies, system configurations, logs, and access records.
  • Conduct interviews with vendor personnel to assess security practices and governance.
  • Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
  • Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
  • Prepare audit reports summarizing findings, risks, and recommended corrective actions.
  • Track remediation efforts and validate closure of audit findings.
  • Coordinate with internal stakeholders to ensure that vendor risks are communicated and addressed.

Required Qualifications

  • Cybersecurity Frameworks and Compliance: Minimum 5 years’ experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.
  • Technical IT Auditing: At least 5 years’ experience evaluating security controls, including network protection, identity access management, endpoint security, and incident response.
  • Communication and Reporting: Minimum 5 years’ experience drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.
  • Analytical and Investigative Thinking: At least 5 years’ demonstrated experience in identifying security gaps, assessing risk impact, and making evidence-based recommendations.
  • Third-Party/Vendor Risk Auditing: Minimum 4 years’ hands-on experience in auditing cybersecurity controls of external vendors including due diligence, contract compliance, and risk assessments.
  • Policy and Documentation Review: At least 3 years’ experience reviewing and validating security documentation, procedures, and control implementations.

Preferred Qualifications

  • Cloud Cybersecurity Auditing: 3 years of experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including knowledge of cloud-native controls and shared responsibility models.
  • Incident Response and Breach Assessment: 3 years’ experience in analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.
  • Contract Interpretation and SLA Compliance: 3 years’ experience interpreting legal and technical language in vendor contracts to ensure proper implementation of SLAs and of IT and cybersecurity obligations.
  • Government or Regulated Industry Experience: 2 years’ background in auditing technology vendors serving courts or similar regulated industries.
  • Presentation to Executives: 2 years’ experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.
  • Certifications: Possession of at least one relevant certification such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor is preferred.

Required Skills

Cybersecurity frameworks (NIST, ISO 27001, PCI-DSS, SOC 2)
Incident response and breach assessment
Contract interpretation and SLA compliance
Certifications (CISA, CISSP, CRISC, ISO 27001 Lead Auditor)
Government/regulated industry experience
Analytical and investigative thinking
Cloud cybersecurity auditing
Third-party/vendor risk auditing
Communication and reporting
Policy and documentation review
Technical IT auditing