Cybersecurity Risk Auditor
F5 · Greater Seattle Area · 1 wk ago
HybridInformation Technology$63k–$95k/yrFull-time
Primary Responsibilities
- Execute technology, cybersecurity, and digital risk audit engagements as part of a risk-based internal audit plan
- Perform audit fieldwork aligned to defined objectives while applying professional skepticism and curiosity to identify risks beyond standard audit procedures
- Audit fieldwork includes assessing the design and operating effectiveness of controls across technology domains including cloud infrastructure, identity and access management, network security, application security, logging and monitoring, vulnerability management, and incident response
- Conduct stakeholder interviews and walkthroughs to understand system architecture, processes, and risk trade-offs
- Identify, document, and analyze audit observations, including root causes and potential business or customer impact
- Prepare clear, concise, and well-supported workpapers in accordance with Internal Audit standards and methodologies
- Contribute to audit reporting by summarizing findings, insights, and risk themes in a way that is meaningful to both technical and non-technical stakeholders
- Partner with technology, security, and business stakeholders to validate observations and support effective remediation
- Track audit issues and support follow-up activities to promote timely and sustainable risk mitigation
- Support Internal Audit activities beyond core audits, including risk assessment, audit planning, advisory engagements, and continuous improvement initiatives
- Stay current on emerging technology and cybersecurity risks, threat trends, and evolving industry practices
- Contribute to the ongoing modernization of the Internal Audit function through adoption of improved tools, methodologies, and ways of working
Qualifications
- Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, Engineering, Business, Accounting, or a related field
- Minimum 2+ years of experience in cybersecurity audit, IT audit, or related disciplines within a public accounting firm, public company, or technology-focused organization
- Experience supporting audits or assessments of modern technology environments, including IT general controls, cybersecurity controls, cloud platforms, or SaaS operations
- Professional certifications preferred: CISA, CISSP
- Other relevant certifications considered: CIA, CPA, CISM, CCSP, CRISC
- Knowledge of industry frameworks such as NIST, ISO 27001, COBIT, SOC 2, and COSO
- An analytical mindset with the ability to ask insightful questions, challenge assumptions, and evaluate risk implications
- Demonstrated curiosity and willingness to continuously learn new technologies, platforms, and threat vectors
- Strong documentation skills, with the ability to clearly articulate work performed and communicate complex topics effectively
- Ability to manage multiple priorities and deadlines in a dynamic, fast-paced environment
- High level of integrity, professionalism, and sound judgment
- Comfort operating in environments where risks are evolving and controls may still be maturing
- Exposure to cloud environments such as AWS, Azure, or GCP
- Familiarity with secure software development practices, DevOps, or DevSecOps pipelines
- Prior experience auditing or assessing cybersecurity programs or security operations