IT Auditor 2

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team. Job Title: IT Auditor 2 Location: Austin, TX Job Description:

• Office of Court Administration requires the services of 1 IT Auditor 2, hereafter referred to as Candidate(s), who meets the general qualifications of IT Auditor 2, Security and the specifications outlined in this document for the Office of Court Administration.

• Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.

• Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.

• Collect and analyze evidence such as security policies, system configurations, logs, and access records.

• Conduct interviews with vendor personnel to assess security practices and governance.

• Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.

• Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.

• Prepare audit reports summarizing findings, risks, and recommended corrective actions.

• Track remediation efforts and validate closure of audit findings.

• Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

• Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

• 5 Required: Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.

• 5 Required: Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.

• 5 Required: Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.

• 5 Required: Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.

• 4 Required: Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.

• 3 Required: Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.

• 3 Preferred: Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.

• 3 Preferred: Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.

• 3 Preferred: Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.

• 2 Preferred: Government or regulated industry experience: Background in auditing technology vendors serving courts.

• 2 Preferred: Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.

• 1 Preferred: Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).