IT Auditor 2

Job description

IT STAFFING SERVICES SOLICITATION UNDER
DEPARTMENT OF INFORMATION RESOURCES
IT STAFF AUGMENTATION CONTRACT (ITSAC)
Solicitation Reference Number: Working Title: IT Auditor II Title/Level: IT Auditor Category: Security Part Time

I.

DESCRIPTION OF SERVICES

Office of Court Administration requires the services of IT Auditor , hereafter referred to as Candidate(s), who meets the general qualifications of IT Auditor , Security and the specifications outlined in this document for the Office of Court Administration.

All work products resulting from the project shall be considered works made for hire and are the property of the Office of Court Administration and may include pre-selection requirements that potential Vendors (and their Candidates) submit to and satisfy criminal background checks as authorized by Texas law.

Office of Court Administration will pay no fees for interviews or discussions, which occur during the process of selecting a Candidate(s).

• Review vendor contracts, SLAs, and other IT and cybersecurity contractual requirements to confirm compliance with contractual obligations.

• Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.

• Collect and analyze evidence such as security policies, system configurations, logs, and access records.

• Conduct interviews with vendor personnel to assess security practices and governance.

• Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.

• Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.

• Prepare audit reports summarizing findings, risks, and recommended corrective actions.

• Track remediation efforts and validate closure of audit findings.

• Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

II.

CANDIDATE SKILLS AND QUALIFICATIONS Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

Years Required/Preferred Experience Required Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO , PCI-DSS, or SOC standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.

Required Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.

Required Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.

Required Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound, evidence-based recommendations.

Required Third-party/vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.

Required Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.

Preferred Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.

Preferred Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.

Preferred Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.

Preferred Government or regulated industry experience: Background in auditing technology vendors serving courts.

Preferred Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.

Preferred Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO Lead Auditor).

III.

TERMS OF SERVICE

Services are expected to start // and are expected to complete by //.

Total estimated hours per Candidate shall not exceed hours.

This service may be amended, renewed, and/or extended providing both parties agree to do so in writing.
IV.

WORK HOURS AND LOCATION

Services shall be provided during normal business hours unless otherwise coordinated through the Office of Court Administration.

Normal business hours are Monday through Friday from : AM to : PM, excluding State holidays when the agency is closed.

The primary work location(s) will be at Office Location - W th Street, Austin, TX - May require travel to other locations in TX..

The working position is Hybrid - On Site and Telework.

Any and all travel, per diem, parking, and/or living expenses shall be at the Candidate's and/or Vendor's expense.

Office of Court Administration will provide pre-approved, written authorization for travel for any services to be performed away from the primary work location(s).

Pre-approved travel expenses are limited to the rates and comply with the rules prescribed by the State of Texas for travel by its classified employees, including any requirement for original receipts.

The Candidate(s) may be required to work outside the normal business hours on weekends, evenings and holidays, as requested.

Payment for work over hours will be at the hourly rate quoted and must be coordinated and pre-approved through Office of Court Administration.
V.

OTHER SPECIAL REQUIREMENTS

• May require travel to interview vendor staff as appropriate.

• May require travel to interview other clients as appropriate.

Required Skill Profession

Computer Occupations