4,372 Information Security Auditor jobs in the United States
Information Security Auditor
Posted 7 days ago
Lead Information Security Auditor
Posted 7 days ago
Job Description
Key responsibilities will include developing audit plans and scopes, conducting interviews with IT personnel, performing vulnerability assessments, and analyzing security logs and data. You will be responsible for identifying security gaps, recommending remediation actions, and tracking the implementation of these recommendations. The Lead Auditor will play a crucial role in preparing detailed audit reports for management and relevant stakeholders, ensuring clarity and actionable insights. Staying current with the latest cybersecurity trends, threats, and regulatory changes is essential. This position requires strong leadership qualities, excellent analytical and problem-solving abilities, and exceptional communication skills to effectively convey complex security findings. The role operates on a hybrid model, allowing for a flexible balance between in-office collaboration and focused remote work.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum of 8 years of experience in information security, with at least 3 years in an auditing or compliance role.
- Professional certifications such as CISSP, CISA, CISM, or CRISC are required.
- In-depth knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001, SOC 2).
- Experience with vulnerability assessment tools and security monitoring technologies.
- Strong understanding of IT governance, risk management, and compliance principles.
- Excellent written and verbal communication skills, with the ability to present findings to both technical and executive audiences.
- Demonstrated leadership and team management capabilities.
- Experience in financial services or healthcare sectors is a plus.
Senior Information Security Auditor
Posted 7 days ago
Job Description
Responsibilities:
- Plan and conduct comprehensive information security audits.
- Assess security controls, policies, and procedures for compliance and effectiveness.
- Identify and document security vulnerabilities and risks.
- Develop detailed remediation plans and track their implementation.
- Evaluate IT infrastructure, applications, and vendor security practices.
- Stay updated on the latest security threats and regulatory requirements.
- Prepare clear and concise audit reports for management and stakeholders.
- Provide expert advice on information security best practices.
- Contribute to the development and improvement of security policies.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- 7+ years of experience in information security, with a focus on auditing and risk assessment.
- Deep knowledge of information security frameworks (NIST, ISO 27001, SOC 2).
- Experience with security assessment tools and methodologies.
- Strong understanding of network security, application security, and cloud security.
- Relevant certifications such as CISSP, CISA, or CRISC are highly desirable.
- Excellent analytical, problem-solving, and critical thinking skills.
- Superior written and verbal communication skills.
- Proven ability to work independently and manage multiple audit projects simultaneously.
Senior Information Security Auditor
Posted 7 days ago
Job Description
Key responsibilities include: planning and executing information security audits, assessing the effectiveness of internal controls and security measures, identifying and documenting security risks and control weaknesses, developing practical and actionable recommendations for remediation, preparing detailed audit reports for management, staying current with relevant regulations (e.g., GDPR, HIPAA, SOX) and best practices, collaborating with IT and security teams to implement audit recommendations, and conducting follow-up reviews to ensure remediation effectiveness. You will also contribute to the development and improvement of the internal audit program.
Qualifications:
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
- 5-7 years of experience in information security, IT auditing, or risk management.
- In-depth knowledge of security frameworks such as NIST, ISO 27001, and COBIT.
- Experience with various compliance regulations relevant to the industry.
- Proven ability to conduct risk assessments and vulnerability analyses.
- Excellent understanding of IT controls, network security, application security, and data privacy.
- Strong analytical, problem-solving, and critical thinking skills.
- Exceptional report writing and communication skills.
- Professional certifications such as CISSP, CISA, or CRISC are highly desirable.
- Ability to work independently with minimal supervision in a remote environment.
- Experience with audit management software is a plus.
This role is fully remote, allowing you to work from your home office. Our client offers a competitive salary, comprehensive benefits package, and the opportunity to work with a leading organization focused on maintaining the highest standards of information security.
Senior Information Security Auditor
Posted 7 days ago
Job Description
Key responsibilities include planning and executing comprehensive security audits, evaluating IT security policies and procedures, and performing risk assessments across various systems and applications. You will document audit findings, develop remediation recommendations, and track the implementation of corrective actions. The ideal candidate will possess a deep understanding of information security principles, frameworks (e.g., NIST, ISO 27001, COBIT), and regulatory requirements relevant to the financial sector (e.g., SOX, PCI DSS, GLBA). Proven experience with IT general controls (ITGC) and application controls testing is essential. You should be proficient in conducting vulnerability assessments and penetration testing analysis. Strong analytical and problem-solving skills, with the ability to translate complex technical findings into clear, actionable reports for both technical and non-technical audiences, are crucial.
This role requires excellent communication and interpersonal skills, enabling effective collaboration with IT staff, management, and external auditors. You will need to demonstrate leadership qualities and the ability to guide junior auditors. Professional certifications such as CISSP, CISA, CISM, or CRISC are highly desirable. A bachelor's degree in computer science, information technology, cybersecurity, or a related field is required, along with several years of experience in information security auditing or risk management. This position offers a challenging and rewarding opportunity to contribute to the security and integrity of sensitive financial data in Oklahoma City, Oklahoma, US. Our client is committed to fostering a secure working environment and providing opportunities for professional growth. If you are a meticulous auditor with a passion for safeguarding information assets, we encourage you to apply.
Senior Information Security Auditor
Posted 7 days ago
Cybersecurity Auditor
Posted today
Job Description
Position Title: Vendor Cybersecurity Auditor
Location: Austin, TX (Onsite with travel across Texas as needed)
Position Status: Full Time, 6-Month Contract (likely to extend)
Pay Rate: $50/hr on W2
Position Description
We are seeking a highly skilled Vendor Cybersecurity Auditor to support a public sector client in Austin, TX. This role will focus on evaluating third-party vendors to ensure compliance with contractual obligations, regulatory requirements, and industry cybersecurity standards. The ideal candidate will bring expertise in vendor audits, third-party risk management, and security compliance frameworks such as NIST, ISO 27001, PCI-DSS, and SOC 2.
This is a high-visibility role requiring excellent communication skills to present findings to executives, coordinate remediation efforts, and partner with vendors and internal stakeholders. Occasional travel throughout Texas may be required.
Key Responsibilities
- Review vendor contracts, SLAs, and security requirements for compliance with obligations.
- Assess the design and effectiveness of vendor cybersecurity controls against contractual and industry standards.
- Collect and analyze evidence including security policies, system configurations, logs, and access records.
- Conduct vendor personnel interviews to evaluate governance and operational security practices.
- Perform technical and administrative control testing to verify safeguards are in place.
- Identify gaps, risks, and deficiencies in vendor controls, and recommend corrective actions.
- Draft and deliver audit reports summarizing findings and risk assessments.
- Track remediation efforts, validate closure of findings, and communicate status to stakeholders.
- Collaborate with internal teams to ensure vendor risks are addressed promptly.
- Travel across Texas may be required to conduct onsite vendor assessments.
Required Skills & Experience
- 5+ years auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards.
- 5+ years evaluating security controls across IT domains including network security, IAM, endpoint protection, and incident response.
- 5+ years drafting audit reports, presenting findings to executives/legal stakeholders, and working directly with vendors.
- 5+ years applying investigative and analytical skills to identify gaps, assess risks, and recommend evidence-based actions.
- 4+ years hands-on experience conducting vendor cybersecurity audits, contract compliance reviews, and third-party risk assessments.
- 3+ years reviewing and validating security documentation and control implementation for accuracy.
Preferred Experience
- 3+ years auditing vendor environments hosted in AWS, Azure, or Google Cloud.
- 3+ years evaluating vendor incident response plans and breach remediation efforts.
- 3+ years interpreting legal/technical contract language for IT and cybersecurity obligations.
- 2+ years auditing vendors serving government agencies or regulated industries (e.g., courts).
- 2+ years presenting technical findings to non-technical stakeholders, including C-suite and legal counsel.
- 1+ year holding relevant certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor.
About Seneca Resources
At Seneca Resources, we are more than just a staffing and consulting firm—we are a trusted career partner. With offices across the U.S. and clients ranging from Fortune 500 companies to government organizations, we provide opportunities that help professionals grow their careers while making an impact.
When you work with Seneca, you’re choosing a company that invests in your success, celebrates your achievements, and connects you to meaningful work with leading organizations nationwide. Our consultants and contractors enjoy competitive pay, comprehensive health, dental, and vision coverage, 401(k) retirement plans, and the support of a dedicated team who will advocate for you every step of the way.
Seneca Resources is proud to be an Equal Opportunity Employer, committed to fostering a diverse and inclusive workplace where all qualified individuals are encouraged to apply.
Cybersecurity Auditor
Posted today
Job Description
**RESPONSIBILITIES**
+ Independently perform complex security analysis of classified and unclassified applications, systems, and enclaves for compliance with DoD and Agency security requirements.
+ Conduct Command Cyber Readiness Inspections (CCRI), cybersecurity vulnerability evaluations, and penetration testing across diverse environments.
+ Apply advanced security tools, techniques, and technologies to evaluate enterprise security posture, including Nessus, SCCM, and Vulnerator.
+ Perform vulnerability and risk analysis; participate in cybersecurity penetration studies to identify and mitigate weaknesses.
+ Analyze, define, and document security requirements for mainframes, workstations, servers, databases, and network infrastructures.
+ Recommend and implement solutions to improve security posture, optimize processes, and remediate identified risks.
+ Provide enterprise-wide technical analysis and direction for problem identification, remediation, and system hardening in areas such as:
+ Information Systems Architecture
+ Automation & Networking
+ Communication Protocols
+ Application Software
+ VOIP, VTC, and Electronic Email
+ Deliver findings, recommendations, and briefings to executive leadership, ensuring alignment with DoD directives, DISA STIGs, and SCAP compliance standards.
+ Draft, maintain, and manage technical documentation, vulnerability assessment reports, and audit results in support of mission objectives.
**REQUIRED QUALIFICATIONS**
**Experience**
+ Minimum seven (7) years of IT experience.
+ Two (2) years of experience with DoD Vulnerability Management System.
+ Minimum five (5) years of Command Cyber Readiness Inspection experience in at least one of the following areas:
+ Tenable scan analysis
+ Operating Systems (Windows, Unix)
+ Boundary defense (network policy, router, firewall)
+ Internal defense (L2 switch, L3 switch)
+ DNS (policy, BIND/Windows)
+ HBSS (remote console, AV, ABM, PA, HIPS, ePO)
+ Traditional security (Common, Basic, NCV, SCV)
+ Wireless communications (BES, handhelds)
+ Proven proficiency in CCRI execution, vulnerability assessments, penetration testing, and security auditing of networks, applications, and IT frameworks.
+ Strong analytical and troubleshooting skills with demonstrated ability to resolve complex security issues.
+ Hands-on experience with implementing and configuring networks and network components.
+ Knowledge and understanding of DoD Security Regulations, DISA Security Technical Implementation Guides, and SCAP, and proficiency in Vulnerator, USCYBERCOM CTO Compliance Program, wireless vulnerability assessment, web services (IIS, Apache, Proxy), databases (SQL Server, Oracle), email services (Exchange), vulnerability scans (Nessus, SCCM), container image scans, phishing exercises, USB detect, and physical security.
**Certifications**
+ CSSP Analyst or CSSP Auditor Certification - Required
+ DoD 8570 IAM Level III Baseline Certification:
+ Certified Information Security Manager (CISM)
+ Certified Information Systems Security Professional (CISSP)
+ GIAC Security Leadership Certification (GSLC)
+ Certified Chief Information Security Officer (CCISO)
+ DoD 8570 IAT Level II
+ COMPTIA Security+ CE
+ Cisco Certified Network Associate (CCNA)
+ COMPTIA Cybersecurity Analyst (CySA+)
+ Global Information Assurance Certification (GIAC) Global Industrial Cyber Security Professional (GICSP)
+ Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC)
+ Certified Network Defender (CND)
+ Systems Security Certified Practitioner (SSCP)
**Clearance**
+ Secret - IT-II (Tier 3) Non-Critical Sensitive Clearance with a favorable NACLC.
**Overview**
We are seeking a Cybersecurity Auditor - Senior to join our Defense Logistics Agency (DLA) Team.
TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. "Technology moving at the speed of thought" embodies these principles - the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.
We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays.
Apply now to explore jobs with us!
The safety and health of our employees is of the utmost importance. Employees are required to comply with any vaccination requirements mandated by contract, applicable law or regulation.
By applying to a role at TekSynap you are providing consent to receive text messages regarding your interview and employment status. If at any time you would like to opt out of text messaging, respond "STOP".
**Additional Job Information**
**WORK ENVIRONMENT AND PHYSICAL DEMANDS**
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of the job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
+ Locations: Remote
+ Type of environment: Remote
+ Noise level: Medium
+ Work schedule: Schedule is day shift Monday - Friday. May be requested to work evenings and weekends to meet program and contract needs.
+ Amount of Travel: Less than 10%
**PHYSICAL DEMANDS**
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to use hands to handle, feel, touch; reach with hands and arms; talk and hear. The employee is regularly required to stand; walk; sit; climb or balance; and stoop, kneel, crouch, or crawl. The employee is regularly required to lift up to 10 pounds. The employee is frequently required to lift up to 25 pounds; and up to 50 pounds. The vision requirements include close vision, distance vision, peripheral vision, depth perception, and ability to adjust focus.
**WORK AUTHORIZATION/SECURITY CLEARANCE**
U.S. Citizen
Secret clearance
**OTHER DUTIES**
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
**EQUAL EMPLOYMENT OPPORTUNITY**
In order to provide equal employment and advancement opportunities to all individuals, employment decisions will be based on merit, qualifications, and abilities. TekSynap does not discriminate against any person because of race, color, creed, religion, sex, sexual orientation, gender identity, protected veteran status, national origin, disability, age, genetic information or any other characteristic protected by law (referred to as "protected status"). This nondiscrimination policy extends to all terms, conditions, and privileges of employment as well as the use of all company facilities, participation in all company-sponsored activities, and all employment actions such as promotions, compensation, benefits, and termination of employment.
TekSynap is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please contact for assistance.
**Job Locations** _Telework_
**Category** _Information Technology_
**Type** _Regular Full-Time_
Sr. Internal Auditor - Cybersecurity

Posted 1 day ago
Job Description
Need Help? If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
**Regular or Temporary:**
Regular
**Language Fluency:** English (Required)
**Work Shift:**
1st shift (United States of America)
**Please review the following job description:**
Truist Senior Internal Auditor is responsible for assisting in the completion and documentation of risk based internal audit assurance activities that may include complex assignments. The Truist Senior Internal Auditor will interpret the results of audit work performed, determine internal control weaknesses, and make value-added recommendations. As appropriate, the Truist Senior Internal Auditor may lead segments or primary elements of smaller audits or special reviews.
**Please note - to be considered for this role, candidates must work in one of the following Truist office locations in a hybrid capacity:**
+ **Atlanta, GA - 303 Peachtree Street**
+ **Charlotte, NC - 214 North Tryon Street**
+ **Raleigh, NC - 3201 Beechleaf Court**
+ **Winston-Salem, NC - 101 North Cherry Street**
+ **Richmond, VA - 1001 Semmes Ave**
**_No Full Remote/Telecommute. No Relocation Assistance._**
**ESSENTIAL DUTIES AND RESPONSIBILITIES**
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Prepare for and lead effective client interviews and document interview results via narratives, flowcharts and process maps for complex business processes.
2. Analyze process documentation to evaluate design effectiveness and efficiency of controls.
3. Design and execute testing strategy by incorporating the use of data analytics.
4. Identify internal control weaknesses, including risks, and root cause.
5. Assist in guiding junior team members to enhance achievement of goals and objectives.
6. Present and effectively communicate identified audit issues to Management and the Engagement Manager.
7. Develop advanced audit skills and begin developing risk assessment and project management skills.
8. Deepen knowledge of the organization, operations, policies and procedures (including banking laws and regulations) under which Truist operates.
9. Create work papers in line with Truist Audit Services procedures and documentation requirements.
10. Work independently with minimal oversight to ensure work is completed on time and within deadlines.
11. Receive constructive feedback and apply to future assignments.
**QUALIFICATIONS**
**Required Qualifications:**
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor's degree in accounting, business or related field or equivalent education and related training or experience.
2. Four to six years of banking, auditing or other relevant experience related to area of responsibility.
3. Developing knowledge, ability and expertise in the principles and practices of technology, cybersecurity, IT infrastructure, IT service management processes and IT industry trends.
4. Developing knowledge of IT General Controls (ITGCs), IT Application Controls (ITACs), and the System Development Life Cycle (SDLC).
5. Developing knowledge of IT, information security and Cloud management and control frameworks (COSO, COBIT, NIST, SOX, PCI DSS).
6. Good decision-making skills.
7. Strong knowledge of audit principles, practices, and methodologies including risk assessment, and audit documentation.
8. Good aptitude for learning analytical, audit and/or facilitation skills.
9. Ability to grasp the underlying concepts in complex information.
10. Ability to identify root causes of problems.
11. Ability to formulate solutions based on a synthesis of information.
12. Proficiency in computer applications, such as Microsoft Office software products.
13. Ability to manage multiple priorities of varying complexities.
14. Ability to work independently with minimal oversight.
**Preferred Qualifications:**
1. Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
2. Possess relevant professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH).
3. Proficiency in using cybersecurity tools and technologies, as well as audit management software.
**General Description of Available Benefits for Eligible Employees of Truist Financial Corporation:** All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
**_Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace._**