5,888 Security Auditor jobs in the United States

• Bachelor's degree in Information Technology, Computer Science, Auditing, or a related field.
• Minimum of 6 years of experience in information security auditing, risk management, or compliance.
• Proven experience conducting internal or external security audits.
• In-depth knowledge of cybersecurity frameworks, standards, and regulations.
• Experience with various IT systems, networks, and applications.
• Strong analytical, problem-solving, and critical thinking skills.
• Excellent report writing and presentation abilities.
• Professional certifications such as CISA, CISSP, CRISC, or CISM are strongly preferred.
• Ability to manage multiple audit projects simultaneously and meet deadlines.

LOCALS TO MI ONLY, HYBRID & USC, GC MUST
• 5+ years of total IT related experience and ability to work seamlessly with the team, as well as be self-motivated to work independently.
• 3+ years implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices
• 3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks.
• 3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
• 3+ years of hands-on knowledge building and deploying secure complex distributed web and mobile applications.
• Must be a United States Citizen/GC Holder and ability to pass a CJIS background check.

Job Summary

MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More:
We are seeking a skilled Senior Security Compliance Auditor to join our dynamic team and assess compliance to NIST 800-171, NIST 800-53, and CMMC standards. This role involves evaluating our security controls, identifying areas of improvement, working with cross-functional teams to enhance our security posture, and participating in external audit and certifications.

MathWorks nurtures growth, appreciates diversity, encourages initiative, values teamwork, shares success, and rewards excellence.

Responsibilities

• Conduct thorough audits of security controls in accordance with NIST 800-171, NIST 800-53, and CMMC guidelines, collaborating with cross-functional teams.
• Assess the effectiveness of current security measures, providing actionable recommendations for improvement and risk mitigation.
• Ensure continuous compliance with federal and industry standards, staying updated on the latest developments in NIST and CMMC standards.
• Develop and maintain detailed documentation related to compliance activities, and communicate audit results to stakeholders and senior management.
• Conduct engaging training sessions to raise awareness about compliance requirements and best practices, fostering a culture of continuous learning.
• Build and maintain strong relationships with key stakeholders across various departments, facilitating regular meetings and updates to keep them informed and engaged.
• Act as a liaison between stakeholders and the compliance team, ensuring clear communication and alignment.

• A bachelor's degree and 3 years of professional work experience (or a master's degree, or equivalent experience) is required.

• Knowledge of software development, on-prem and cloud infrastructure, cybersecurity, network security, risk management, application security, and third-party management.
• Experience in security compliance auditing and cybersecurity frameworks, especially NIST 800-171, NIST 800-53, and CMMC.
• Excellent analytical, problem-solving, and communication skills, with the ability to collaborate across teams.

Job Title: IT Security Auditor

Working Pattern: Hybrid - 3 in office days a week

Working Location: Indianapolis, IN

Rolls-Royce offers an excellent opportunity for an IT Security Auditor to join our Cyber Security, Risk and Compliance team. In this role you will be undertaking assessment activities to identify weaknesses, policy violations in our IT systems (and/or applications) and create action plans to correct any problems in order to prevent future cyber security breaches. You will be working with other Security Auditors and Information Assurance Specialists to ensure a common approach to Security Audit across Rolls-Royce. In this role, you will travel up to 10% domestically or internationally.

Why Rolls-Royce?

Rolls-Royce is one of the most enduring and iconic brands in the world and has been at the forefront of innovation for over a century. We design, build and service systems that provide critical power to customers where safety and reliability are paramount.

We are proud to be a force for progress, powering, protecting and connecting people everywhere.

We want to ensure that the excellence and ingenuity that has shaped our history continues into our future and we need people like you to come and join us on this journey.

At Rolls-Royce, we are committed to creating a workplace where all employees feel respected, supported, and empowered to do their best work. We foster a welcoming and innovative work environment that invests in you, giving you access to an incredible breadth and depth of opportunities where you can grow your career and make a difference.

Rolls-Royce is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to any protected characteristics.

What you will be doing:

• Support the Head of Cyber Security Policy & Compliance in identifying and planning cyber security audits across the IT Function, within business areas, of our IT supply chain, and 3rd party suppliers into the business
• Undertaking those audits and providing timely reports
• Creating corrective action plans, in conjunction with the target system owner, in order to improve the cyber security posture of that system
• Analysis of the audit output to identify trends to inform the improvement of policy, process, procedure or technology
• Presenting findings to a wider audience including senior management.
• Undertaking other tasks to support the wider cyber security team, such as work on the cyber culture program
• Assist the wider team in developing and defining Information Security policies, standards, guidelines, and procedure to an agreed framework (ISO27000)

Who we're looking for:

At Rolls-Royce we put safety first, do the right thing, keep it simple and make a difference. These principles form the behaviours that guide us and are an essential component of our assessment process. They are the fundamental qualities that we seek for all roles.

Basic Requirements:

• Associate degree in Computer Science or Information technology with 7+ years of Cyber Audit experience, OR
• Bachelor's degree in Computer Science or Information technology with 5+ years of Cyber Audit experience, OR
• Master's degree in Computer science or Information technology with 3+ years Cyber Audit of experience, OR
• PhD in Computer Science or Information technology, OR
• 9+ years of Cyber Audit experience in lieu of a degree
• In order to be eligible for consideration for this opportunity, you must be a U.S. Citizen

Preferred Requirements:

• Degree or MSc in Information Security
• CISSP/CISM
• Experience in Microsoft Azure (or equivalent cloud platforms)
• CMMC experience

What we offer:

We offer excellent development opportunities, a competitive salary, and exceptional benefits. These include bonus, employee support assistance and employee discounts.

Your needs are as unique as you are. Hybrid working is a way in which our people can balance their time between the office, home, or another remote location. It's a locally managed and flexed informal discretionary arrangement. As a minimum we're all expected to attend the workplace for collaboration and other specific reasons, on average three days per week.

Relocation assistance will be provided if applicable.

Closing date: August 29, 2025

Location:

Benefits

Rolls-Royce provides a comprehensive and competitive Total Rewards package that includes base pay and a discretionary bonus plan. Eligible employees may have the opportunity to enroll in other benefits, including health, dental, vision, disability, life and accidental death & dismemberment insurance; a flexible spending account; a health savings account; a 401(k) retirement savings plan with a company match; Employee Assistance Program; Paid Time Off; certain paid holidays; paid parental and family care leave; tuition reimbursement; and a long-term incentive plan. The options available to an employee may vary depending on eligibility factors such as date of hire, employment type, and the applicability of collective bargaining agreements.

If you're passionate about building a better future for individuals, communities, and our country-and you're committed to working hard to play your part in building that future-consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:

Job Description

Job Profile Summary

The current information security landscape is technically complex and constantly changing. The IT Security Auditor uses their knowledge

of current security methods and standards to gather operational information and assess and analyze tools, systems, and processes in

defense of applications, systems, and networks and collaborate with Infrastructure and business teams.

Job Duties & Responsibilities

Audit Planning & Execution

• IT Security Audit Management: Design, plan, and execute comprehensive IT internal security audits across on-premises, cloud, and hybrid environments

• Risk-Based Audit Approach: Develop audit plans based on organizational risk assessments, business priorities, and regulatory requirements

• Project Coordination: Manage multiple concurrent audit engagements, ensuring timely delivery and resource optimization

Documentation & Knowledge Management

• Policy Review: Evaluate IT governance documentation, security policies, procedures, and standards for adequacy and effectiveness

• Audit Documentation: Maintain comprehensive audit workpapers, evidence, and documentation in accordance with professional standards

• Knowledge Sharing: Stay current with emerging threats, security trends, and audit methodologies through continuous learning

Collaboration & Advisory

• Cross-Functional Partnership: Work closely with IT, cybersecurity, compliance, and business teams to understand system architectures and business processes

• Technical Guidance: Provide expert advice on security best practices, control design, and risk mitigation strategies

• Process Improvement: Recommend enhancements to audit methodologies, tools, and organizational security practices

Reporting & Communication

• Executive Reporting: Prepare detailed audit reports with executive summaries, technical findings, risk ratings, and actionable recommendations

• Stakeholder Engagement: Present audit results to senior management, IT leadership, and audit committees with clear business impact assessments

• Issue Tracking: Monitor remediation progress and conduct follow-up audits to validate corrective actions

• Gap Analysis: Compare current security posture against industry best practices and regulatory requirements

Compliance & Risk Management

• Regulatory Compliance: Ensure adherence to industry standards and regulations (NIST, SOC 2, ISO 27001, PCI DSS, HIPAA, SOX, GDPR, GLBA, FERPA)

• Risk Analysis: Identify, analyze, and quantify IT risks, developing comprehensive risk registers and mitigation strategies

• Gap Analysis: Compare current security posture against industry best practices and regulatory requirements

Technical Assessment & Testing

• Systems Evaluation: Conduct in-depth technical assessments of information systems, including network infrastructure, databases, applications, and cloud services

• Control Testing: Evaluate the design and operational effectiveness of IT controls, including access controls, data encryption, and security monitoring systems

• Vulnerability Assessment: Identify security weaknesses, configuration gaps, and potential attack vectors through systematic testing methodologies Technology Review: Assess emerging technologies and their security implications, including AI/ML systems, IoT devices, and automation tools

Collaboration & Advisory

• Cross-Functional Partnership: Work closely with IT, cybersecurity, compliance, and business teams to understand system architectures and business processes

• Technical Guidance: Provide expert advice on security best practices, control design, and risk mitigation strategies

• Process Improvement: Recommend enhancements to audit methodologies, tools, and organizational security practices

Documentation & Knowledge Management

• Policy Review: Evaluate IT governance documentation, security policies, procedures, and standards for adequacy and effectiveness

• Audit Documentation: Maintain comprehensive audit workpapers, evidence, and documentation in accordance with professional standards

• Knowledge Sharing: Stay current with emerging threats, security trends, and audit methodologies through continuous learning

KSAs

• Knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, GDPR, HIPAA, FTC regulations. Contributes to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk

• Understanding of core AWS services, including compute (EC2, ECS, Lambda), network (VPC, Subnets, Security Groups), storage (S3, EFS, EBS), database (RDS), and identity (IAM)

• Understanding of integrating security into the various stages of a CI/CD pipeline

• Understanding of cloud security engineering principles as applied in support of, and integration with, key business and strategic priorities

• Working knowledge of intrusion detection methodologies and techniques for detecting intrusions via intrusion detection technologies

• Ability to use network management tools to analyze network traffic patterns

• Ability to tune sensors, read, and interpret signatures

• Great oral and written communication skills with the ability to communicate with purpose, clarity, and accuracy

• Familiarity with network architectures, network services & devices, system types, development platforms, and software suites (Microsoft, Cisco, Oracle, Linux, etc.)

• Excellent analytical, problem-solving, and decision-making skills

• Ability to take a solution-driven approach to problem-solving

• Working knowledge of securing and administering network devices and operating systems.

• Knowledge and experience in incident handling, computer forensics, intrusion detection systems, firewalls, antivirus, syslog, etc.

• Strong understanding of PCI, SOX, GLBA, PII, and FERPA requirements

• Working knowledge of penetration testing and intrusion detection

• Subject matter expert in area of responsibility or working knowledge of several technical areas

• Methodical, data-driven approach to security and risk analysis; ability to think imaginatively in order to assist in implement security improvements

• Understanding of the implications of privacy laws and regulations (i.e. GDPR and CCPA).

• Strong understanding of SIEM content security rules to detect malicious, suspicious, and/or abnormal events

• Understanding of cloud resources using infrastructure-as-code (CloudFormation, CDK, etc.)

• Understanding of the Development of Security Content and Use Case Development. Alerting aligning to the MITRE ATT&CK Framework

Minimum Qualifications

• Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Information Systems, or related field

• 3-5 years of professional experience in IT audit, cybersecurity, risk management, or compliance roles

• Demonstrated expertise in IT audit methodologies, risk assessment frameworks, and internal controls

• Regulatory Frameworks: Working knowledge of multiple compliance standards (NIST Cybersecurity Framework, COBIT, ISO 27001/27002, SOC 2)

• Audit Tools: Experience with audit management software, vulnerability scanners, and security assessment tools

• IT Infrastructure: Understanding of network architecture, cloud platforms (AWS, Azure), databases, and enterprise applications

• Security Technologies: Familiarity with firewalls, SIEM systems, identity management, encryption, and endpoint protection

Preferred Qualifications

• Master's Degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field

• Audit Certifications: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager)

• Security Certifications: CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control)

• Cloud Certifications: AWS Security Specialty, Azure Security Engineer, or equivalent cloud security credentials

• Data Analytics: Experience with data analysis tools (SQL, Python, R) for audit testing and risk quantification

• Automation: Knowledge of audit automation tools and techniques, including continuous monitoring systems

• Communication Excellence: Proven ability to translate complex technical concepts into business-relevant insights for diverse audiences

Job Description Disclaimer: This position description provides the major duties/responsibilities, requirements and working conditions for the position. It is intended to be an accurate reflection of the current position, however management reserves the right to revise or change as necessary to meet organizational needs. Other responsibilities may be assigned when circumstances require.

Position & Application Details

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.

• Risk Assessment and Control Evaluation: Identify, assess, and evaluate IT inherent and detective risks related to internal controls. Develop and maintain Risk and Control Matrices (RACMs) to support financial statement audits.
• Standards and Framework Adherence: Ensure compliance with information assurance standards such as NIST RMF, 800-53, FISCAM, DODI 8500, DODI 8510, SSAE-18, and AT-C320.
• Corrective Action Implementation: Design, implement, and test corrective actions to address ITAC/ITGC relevant audit risks.
• Process Mapping and Analysis: Conduct end-to-end process mapping of IT systems and processes to identify potential vulnerabilities and control gaps.
• Audit Report Review: Review and evaluate issued audit findings, including NFRs, to ensure accuracy and completeness.
• Security Clearance: Maintain an active security clearance.

• Master's Degree in Accounting, Finance, Information Technology, or Business Management or CPA or CISA or PMP or CGFM or CDFM
• 4 years of experience with federal financial management
• 2 years of federal accounting experience
• Ability to identify controls that mitigate ITAC/ITGC relevant risks
• Demonstrated experience with leveraging FISCAM/NIST RMF as part of testing, reviewing, and guiding
• Experience designing and implementing (or independently testing TOD/TOE) corrective actions to address ITAC/ITGC relevant audit risks

• Experience with Federal/DoD clients
• Experience with business process end-to-end process mapping
• Performing federal audits that provided an audit opinion
• Performing federal audits that issued a disclaimer of opinion
• Experience with evaluating SOC reports in support of a financial statement audit
• Experience with supporting DoD SSAE-18 AT-C examinations as a service auditor