IT Security Compliance Auditor

Hybrid role- In the office 2 days a week. Must be able to commute to Detroit, MI

Role Expectations

This role requires hands-on involvement in the entire audit process, not just evidence collection. The candidate will:

• Lead and perform assessments independently
• Interview stakeholders and document findings
• Evaluate evidence and validate control effectiveness
• Draw conclusions and support audit assertions with documented proof

Five (5) years of combined IT experience to include two (2) years IT security work

Required Experience & Skills

• 5 years of experience in IT compliance, IT audit, or IT risk assessments
• Strong knowledge of governance, risk, and compliance (GRC) principles
• Experience with security frameworks such as HITRUST CSF, NIST CSF, ISO 27001, and COBIT
• Proven experience executing the full audit lifecycle, including:
• • Evidence collection and validation
  • Control testing and observation tracking
  • Management response coordination
  • Auditor communications
• Strong analytical, problem-solving, and decision-making skills
• Experience testing IT controls across infrastructure, systems, and applications
• Excellent written and verbal communication skills, with the ability to adapt messaging to different audiences
• Strong organizational skills with the ability to manage multiple priorities
• Ability to work independently with minimal supervision while proactively seeking guidance when needed
• Demonstrated professionalism, especially when handling conflict or working under pressure

Key Responsibilities

• Execute security governance and compliance activities in alignment with organizational policies, standards, and regulatory requirements
• Document and evaluate adherence to governance requirements across policies, procedures, controls, compliance programs, training, and awareness initiatives
• Assess the design and operating effectiveness of IT and business controls against the HITRUST CSF and other applicable frameworks, identifying gaps and opportunities for improvement
• Conduct full audit lifecycle activities, including planning, fieldwork, testing, reporting, and follow-up validation
• Perform stakeholder interviews (SMEs, system owners, IT staff) to understand processes, validate control execution, and identify risks
• Conduct process walkthroughs to gain a thorough understanding of business and IT functions
• Collect, review, and analyze evidence to independently verify management assertions
• Perform testing of IT controls across systems, applications, databases, and operating environments
• Identify root causes of control deficiencies and provide actionable recommendations for process improvement and risk mitigation
• Collaborate with cross-functional teams to address risks and ensure compliance with HITRUST CSF and other frameworks