Information Systems Auditor


Picus Security

πŸ“Remote - Turkey

Summary

Join Picus Security, a leading security validation company, as an Information Systems Auditor. Contribute to the governance, audit, compliance, and continuous improvement of company policies and processes. Manage compliance activities related to global certifications and regulatory frameworks. Audit, monitor, and improve policies and processes across various areas, including information security, business continuity, and privacy. Represent the company in audits and respond to security questionnaires. Maintain and expand upon existing certifications and frameworks. Conduct internal audits and support the development of awareness programs. Collaborate with business units to ensure process alignment. This role offers a chance to shape a fast-growing cyber security segment and provides unlimited opportunities for career development.

Requirements

  • 3+ years of hands-on experience in audit, compliance, risk management, or information security, ideally within a technology, SaaS, internal controls, or cloud-driven environment
  • Experience with ISO/IEC standards (27001, 27701, 22301, 20000-1) and SOC 2, including preparation, audit coordination, and evidence management
  • Familiarity with TPRM programs, vendor due diligence, and customer-facing compliance processes
  • Familiarity with relevant international security and privacy related regulations, such as GDPR and CCPA, and compliance processes
  • Demonstrated ability to manage multiple audits or compliance projects in parallel
  • Strong verbal and written communication skills in English, including documentation and policy writing

Responsibilities

  • Manage, support, and oversee compliance activities related to global certifications (e.g., ISO/IEC 27001, 22301, 27701, 20000-1, etc.) and regulatory frameworks (e.g., SOC 2, NIST CSF, CSA STAR, etc.)
  • Audit, monitor, and improve policies and processes related to:
      ◦ Information security
      ◦ Business continuity
      ◦ Privacy
      ◦ Governance and risk management
      ◦ IT service management
      ◦ Cloud application security and SaaS vendor compliance
  • Participate in Cloud/SaaS security assessments, risk reviews, and vendor due diligence as part of the TPRM program
  • Represent the company in second and third-party audits, including customer audits and cloud vendor evaluations
  • Respond to RFPs and customer security questionnaires with accurate and comprehensive compliance input to ensure compliance and mitigate risk
  • Maintain, evaluate, and expand upon existing certifications and frameworks to align with business needs and the technology landscape
  • Define and track key compliance and audit metrics to measure control effectiveness and report findings to relevant stakeholders
  • Support the development and delivery of privacy and information security awareness programs
  • Conduct internal audits to assess compliance, identify potential gaps, and recommend and track corrective actions
  • Show genuine interest in emerging technologies such as AI, ML, and automation, and stay informed on how these technologies impact risk, privacy, governance, and security frameworks
  • Collaborate with business units to ensure process alignment with standards, contracts, and legal requirements

Benefits

  • Fascinating work - a chance to shape and lead an exciting, fast-growing cyber security segment
  • Unlimited opportunity! We are growing. At Picus, you'll be provided with as much responsibility as you can handle - new career development opportunities constantly arise given our rate of growth
  • Global exposure - Gain experience not only working in a fast-growing startup but also interacting with customers all around the world
  • Be part of a global remote team that is taking on Exposure Validation and a growing market segment
