Cyber Compliance & Internal Audit Specialist
We are seeking an experienced Cyber Compliance & Internal Audit Specialist to support the organization’s governance, risk, and compliance (GRC) programs. This role is responsible for assessing cybersecurity controls, supporting internal and external audits, ensuring alignment with regulatory and industry standards, and driving remediation efforts across IT and security teams. The ideal candidate brings strong audit discipline, deep understanding of cyber controls, and the ability to work collaboratively with both technical and business stakeholders.
Key Responsibilities:
Cybersecurity Compliance
Evaluate compliance with cybersecurity frameworks such as NIST CSF, CIS Controls, ISO 27001, PCI-DSS, SOC2, and internal policy requirements.
Assist in the development, maintenance, and improvement of cybersecurity policies, standards, and procedures.
Conduct compliance reviews across infrastructure, applications, cloud environments, and security operations.
Ensure regulatory and legislative requirements are understood and integrated into cybersecurity programs.
Internal Audit Support
Plan, coordinate, and execute IT and cyber internal audits, including control testing, evidence collection, and audit documentation.
Assess the effectiveness of security and IT controls, identify gaps, and provide structured recommendations.
Prepare audit-ready documentation, narratives, and risk/control matrices.
Support external auditors by facilitating walkthroughs, gathering evidence, and explaining technical controls.
Risk Management & Remediation
Perform risk assessments, security control evaluations, and business impact reviews for key systems.
Track and report on remediation activities, ensuring issues are addressed within required timelines.
Partner with Infrastructure, Security, and Application teams to validate fixes and confirm control effectiveness.
Contribute to strengthening governance practices for the CISO and IT leadership team.
Reporting & Governance
Develop compliance dashboards, audit reports, and executive summaries for leadership and committees.
Monitor metrics/KPIs related to cyber compliance, risks, and audit status.
Provide guidance and training to internal teams regarding compliance requirements and control expectations.
Qualifications
5–10 years of experience in IT audit, cyber compliance, GRC, or risk management.
Strong knowledge of cybersecurity standards and regulatory frameworks (NIST, ISO 27001, CIS, PCI-DSS, SOC2).
Experience conducting internal audits, control testing, and risk assessments in complex IT environments.
Ability to interpret technical security controls and translate them into compliance requirements.
Excellent analytical, documentation, and communication skills.
Ability to work cross-functionally with IT, security, procurement, finance, and business stakeholders.
Relevant certifications preferred: CISA, CRISC, CISSP, CISM, ISO 27001 Lead Auditor, CompTIA Security+.
*This posting is for a current vacancy with a client of ours.
*Our specialized recruiting professionals apply their expertise and utilize our proprietary AI to find you great job matches faster