Description

Experience

• 5 yrs: Cybersecurity frameworks & compliance (NIST, ISO 27001, PCI-DSS, SOC 2), regulatory laws, and vendor risk management.
• 5 yrs: IT security auditing (network, IAM, endpoint, incident response).
• 5 yrs: Communication/reporting—drafting audit reports, presenting findings to executives/legal, vendor engagement.
• 5 yrs: Analytical/risk assessment—identifying gaps and making evidence-based recommendations.
• 4 yrs: Vendor/third-party cybersecurity audits (due diligence, contract compliance).
• 3 yrs: Policy/documentation review for security accuracy and completeness.

Experience

• 3 yrs: Cloud security auditing (AWS, Azure, GCP).
• 3 yrs: Incident response & breach assessment.
• 3 yrs: Contract/SLA interpretation for IT & cybersecurity obligations.
• 2 yrs: Government/regulatory vendor auditing (courts a plus).
• 2 yrs: Executive-level presentation of technical findings.
• 1 yr: Certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).