1

Security Auditor Jobs (NOW HIRING)

Information Security Auditor DUTIES: Lead a team that provides comprehensive vendor assessments to evaluate security risks and compliance with standards and regulations; Serve as the main point of ...

IT Security Auditor

Indianapolis, IN · Hybrid

$114K - $185K/yr

Job Title: IT Security Auditor Working Pattern: Hybrid - 3 in office days a week Working Location: Indianapolis, IN Rolls-Royce offers an excellent opportunity for an IT Security Auditor to join our ...

Summary: Join a premier blockchain security firm trusted by top-tier DeFi protocols as a Blockchain Security Auditor. This role involves conducting manual code reviews to identify critical ...

DESCRIPTION OF SERVICES Responsibilities may include, but are not limited to: 1. Plan, execute, and report on IT and cybersecurity audits to assess the effectiveness of security controls, risk ...

Assess current security controls and processes against new CMS, IRS, and SCC security standards. Identify gaps and recommend remediation steps to achieve and maintain compliance. Plan, lead, and ...

Advanced knowledge of security standards and experience performing security audits. Experience in Governance Risk and Compliance. Years of Experience: 10 or more years with IT security and audit ...

Summary Join a mission-driven team supporting security operations at Schriever Space Force Base . As a RAB Auditor , you'll play a key role in coordinating and auditing access to the Restricted Area ...

next page

Showing results 1-20

Security Auditor information

See salary details

$11K

$90K

$140.5K

How much do security auditor jobs pay per year?

As of Jul 12, 2026, the average yearly pay for security auditor in the United States is $89,997.00, according to ZipRecruiter salary data. Most workers in this role earn between $48,000.00 and $130,000.00 per year, depending on experience, location, and employer.

Is an auditor a high paying job?

Security auditors often earn competitive salaries, especially with experience and certifications such as CISSP or CISA. Salaries vary by industry, location, and level of expertise, but the role generally offers a good compensation package compared to many other IT positions.

How to become a security auditor?

To become a security auditor, individuals typically need a bachelor's degree in cybersecurity, information technology, or a related field. Gaining experience in IT security, developing knowledge of security frameworks, and obtaining certifications such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) can enhance qualifications for this role.

Can you make $500,000 a year in cyber security?

Security auditors and cybersecurity professionals can potentially earn $500,000 or more annually, especially with senior roles, specialized skills, certifications like CISSP or CISA, and extensive experience. High-level positions in large organizations or consulting firms may offer such compensation, but it is not typical for entry-level or mid-tier roles.

What are the key skills and qualifications needed to thrive as a Security Auditor, and why are they important?

To thrive as a Security Auditor, you need a thorough understanding of information security principles, risk assessment methodologies, and compliance frameworks, often supported by a degree in cybersecurity or related fields. Familiarity with audit tools, vulnerability scanners, and certifications such as CISA or CISSP is typically expected. Analytical thinking, attention to detail, and effective communication are crucial soft skills for identifying security gaps and conveying findings. These skills ensure that organizations maintain robust security postures and meet regulatory requirements.

What are some common challenges Security Auditors face when evaluating an organization's security controls?

Security Auditors often encounter challenges such as incomplete documentation, resistance to change from staff, and rapidly evolving technology environments. They must navigate complex IT infrastructures and ensure compliance with multiple regulatory frameworks, which can require juggling competing priorities and tight deadlines. Effective auditors use strong communication and analytical skills to identify vulnerabilities, explain risks, and collaborate with both technical teams and management to drive continual improvement.

What are Security Auditors?

Security Auditors are professionals who assess and evaluate an organization's information systems and security policies to ensure compliance with regulations and best practices. They identify vulnerabilities, review controls, and recommend improvements to prevent security breaches or data loss. Security Auditors often conduct regular audits, prepare detailed reports, and collaborate with IT and management teams to strengthen the organization's security posture.

What Is a Security Auditor?

A security auditor is an IT professional in charge of evaluating cybersecurity for a company. As a security auditor, you regularly test information systems, looking for exploits or loopholes that would give an unscrupulous individual access to protected company information. Your job duties also include developing security protocols and working with other teams within the company to ensure everyone is kept up to date with the best practices and other protocols. You must also keep track of relevant laws and regulations, as well as new security threats, to maintain proper cybersecurity for your employer.

What is the difference between Security Auditor vs Security Analyst?

AspectSecurity AuditorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, CompTIA Security+, GIAC Security Essentials
Work EnvironmentAudit firms, consulting companies, corporate compliance teamsIT departments, security operations centers, corporate environments
Primary FocusAssessing security policies, compliance, and controlsMonitoring security threats, incident response, and vulnerability management

While both roles focus on cybersecurity, Security Auditors primarily evaluate security policies and compliance through audits, whereas Security Analysts monitor and respond to security threats in real-time. Understanding these differences helps organizations assign the right professionals to their security needs.

What does a security auditor do?

A security auditor evaluates an organization’s information systems, networks, and security policies to identify vulnerabilities and ensure compliance with security standards. They conduct audits using tools like vulnerability scanners and may recommend improvements or corrective actions. Certification such as CISSP or CISA can enhance their effectiveness in this role.
What cities are hiring for Security Auditor jobs? Cities with the most Security Auditor job openings:
Who are the top companies hiring for Security Auditor jobs? The top employers for Security Auditor jobs are:
What states have the most Security Auditor jobs? States with the most job openings for Security Auditor jobs include:
Infographic showing various Security Auditor job openings in the United States as of July 2026, with employment types broken down into 84% Full Time, 13% Part Time, 2% Contract, and 1% Nights. Highlights an 86% Physical, 4% Hybrid, and 10% Remote job distribution, with an average salary of $89,997 per year, or $43.3 per hour.

Information Security Auditor

8848M LLC

San Francisco, CA • On-site

$166K - $170K/yr

Full-time

Posted 13 days ago


Job description

SecurityPal, Inc.
San Francisco, CA
TITLE: Information Security Auditor
DUTIES:
Lead a team that provides comprehensive vendor assessments to evaluate security risks and compliance with standards and regulations; Serve as the main point of contact for clients, ensuring clear communication, understanding of requirements, and satisfaction with services provided; Develop and implement assessment methodologies tailored to client needs and industry best practices; Collaborate with clients to identify their security needs and customize assessment approaches accordingly; and Analyze assessment findings and provide strategic security recommendations to clients to mitigate risks effectively; Generate detailed assessment reports outlining findings, risk levels, and recommendations for remediation. Present findings to clients in a clear, concise, and actionable manner; Foster strong client relationships by proactively addressing concerns, anticipating needs, and providing exceptional service. Act as a trusted advisor on security matters; Collaborate with clients during security incidents to provide technical guidance and support incident response efforts; Perform comprehensive risk assessments beyond vendor assessments, such as enterprise-wide risk assessments, to identify and prioritize risks across different business units or systems; Collaborate with other teams within the organization (e.g., IT, legal, compliance) on security-related initiatives such as policy development, security awareness programs, or incident response exercises; and Conduct readiness assessments for ISO, SOC 2, Fedramp Compliance, evaluating current processes, controls, and documentation to identify gaps and areas needing improvement to achieve compliance and certification. **Telecommuting Allowed for this position**
Minimum Requirements: Master's Degree in Cyber Security and Information Assurance or a substantially related field; thirty (30) months of Work experience in a Cyber Security role; Experience conducting Information Security (IS) Audits compliant with ISO 27001:2013 and SOC 2 Type 2 standards. Telecommuting Allowed for this position.
SALARY: $166,000-$170,000 per year, depending upon experience
HOURS: 9:00 A.M. - 6:00 P.M