Job Title: Internal Auditor – IT & Security Compliance
Location: Portland, Oregon Metro area or Remote
Job Type: Full-Time
About the Role: We are seeking an experienced Internal Auditor with a strong background in IT security, compliance, and risk management to join our Internal Audit team. This role will focus on evaluating the effectiveness of IT security controls, compliance programs, and risk management frameworks. The ideal candidate will have hands-on experience conducting technical and process audits aligned with industry standards such as SOX, NIST 800-53, NIST Cybersecurity Framework (CSF), ISO 27001, and other regulatory requirements.
Key Responsibilities:
- Plan, execute, and report on IT security and process audits, including assessments of technical controls, governance structures, and risk management programs.
- Evaluate compliance with relevant frameworks, including SOX ITGCs, NIST 800-53, NIST CSF, ISO 27001, and other security and compliance regulations.
- Assess security controls across IT infrastructure, applications, and cloud environments to identify control weaknesses, gaps, and areas for improvement.
- Work closely with IT, security, compliance, and business teams to recommend and implement corrective actions that mitigate identified risks.
- Perform risk assessments, control testing, and audit procedures in alignment with internal audit methodologies and industry best practices.
- Collaborate with external auditors and regulatory bodies to support audits and compliance reviews.
- Prepare clear, concise, and well-documented audit reports and presentations for senior leadership and audit committees.
- Stay current with emerging cybersecurity threats, compliance regulations, and best practices to ensure continuous improvement of internal audit processes.
Required Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, or a related field.
- 5+ years of experience in internal audit, IT security auditing, or compliance.
- Strong knowledge of IT governance, security frameworks, and regulatory requirements such as SOX, NIST 800-53, NIST CSF, ISO 27001, PCI-DSS, or CIS Controls.
- Experience auditing cloud environments (AWS, Azure, GCP) and enterprise security controls.
- Familiarity with IT General Controls (ITGCs), access management, change management, and cybersecurity risk management.
- Professional certifications such as CISA, CISSP, CISM, CRISC, or CIA are highly preferred.
- Strong analytical, problem-solving, and communication skills.
- Ability to manage multiple audit projects and deadlines effectively.
Preferred Qualifications:
- Experience with audit management software, GRC tools, and data analytics.
- Knowledge of cloud security frameworks (e.g., CSA CCM) and privacy regulations (e.g., GDPR, CCPA).
- Knowledge of federal requirements associated with FAR and DFAR.