Senior IT Audit Consultant Full Time NEW

Position Summary

Blair Carlisle is seeking a motivated Information Security Auditor to join our growing cybersecurity and compliance advisory practice. This role is ideal for an early-career audit professional who has built a solid foundation in information security assessments and is ready to take on increasing responsibility across a diverse portfolio of engagements. The successful candidate will plan, execute, and report on SOC 1, SOC 2, HIPAA, and other information security assessments for our clients, which include SaaS companies, private equity portfolio companies, healthcare third-party administrators, and mid-market enterprises.

Key Responsibilities

• Plan, lead, and execute SOC 1 (Type I and Type II) and SOC 2 (Type I and Type II) examinations in accordance with AICPA attestation standards (AT-C 205, AT-C 320) and the AICPA Trust Services Criteria.
• Perform HIPAA Security Rule and Privacy Rule assessments, including risk analyses, gap assessments, and compliance reviews for covered entities and business associates.
• Evaluate the design and operating effectiveness of information security, availability, processing integrity, confidentiality, and privacy controls across client environments.
• Develop and execute audit programs, test plans, and workpapers that meet professional standards and withstand quality review.
• Conduct walkthroughs, interviews, and evidence gathering with client personnel across technical and business functions.
• Draft clear, well-organized audit reports, management letters, and remediation recommendations for client leadership.
• Assess client control environments against established frameworks, including AICPA TSC (SOC 2), HIPAA, CIS Controls, and NIST CSF/800-53, as appropriate to the engagement.
• Identify control deficiencies, exceptions, and areas of risk, and communicate findings effectively to both technical and non-technical stakeholders.
• Support vendor risk assessments and third-party due diligence engagements for clients.
• Contribute to the development and refinement of Blair Carlisle’s audit methodologies, templates, and quality assurance processes.
• Stay current on evolving audit standards, regulatory requirements, and industry best practices in information security and compliance.

Required Qualifications

• Minimum of 3 years of direct experience performing SOC 1 and/or SOC 2 examinations, HIPAA assessments, or comparable information security audits.
• Demonstrated working knowledge of AICPA attestation standards (AT-C 205, AT-C 320), the AICPA Trust Services Criteria (2017), and the SOC examination lifecycle.
• Experience assessing information security controls across infrastructure, applications, and operational processes.
• Familiarity with common IT control frameworks such as NIST CSF, NIST 800-53, CIS Controls, HIPAA, or ISO 27001.
• Understanding of HIPAA Security Rule and Privacy Rule requirements as they relate to audit and compliance.
• Strong written and verbal communication skills, including the ability to produce professional audit reports and present findings to client stakeholders.
• Ability to manage multiple concurrent engagements and meet deadlines with minimal supervision.
• Bachelor’s degree in Information Systems, Accounting, Cybersecurity, or a related discipline.

Preferred Qualifications

• Professional certification, such as CISA, CISSP, CIA, or CPA (or actively pursuing).
• Experience working in or with a CPA firm, consulting firm, or managed services provider in a SOC examination or IT audit capacity.
• Familiarity with audit management platforms (e.g., Fieldguide, AuditBoard, or similar).
• Experience with healthcare TPA environments, claims processing systems, or HIPAA-regulated organizations.
• Exposure to private equity portfolio company environments, M&A due diligence, or vendor risk assessment processes.
• Understanding of cloud infrastructure (AWS, Azure, GCP) and SaaS application control environments.

Core Competencies

• Analytical Rigor — Ability to evaluate complex control environments, identify gaps, and draw well-supported conclusions from evidence.
• Professional Judgment — Sound decision-making regarding risk, materiality, and the sufficiency of audit evidence.
• Client Engagement — Comfortable working directly with client personnel at all levels, from IT administrators to C-suite executives.
• Attention to Detail — Meticulous workpaper documentation and report quality.
• Adaptability — Able to work across diverse industries, technology environments, and client maturity levels.
• Continuous Learning — Commitment to staying current on standards, frameworks, and emerging risks in cybersecurity and compliance.

Work Environment & Logistics

• Location: Columbus, OH (hybrid). Remote candidates with a willingness to travel will be considered.
• Travel: Moderate travel expected (up to 25%) for on-site client engagements.
• Reports to: CEO / Principal Consultant.
• Employment type: Full-time, exempt.

Compensation

Competitive salary commensurate with experience. Blair Carlisle offers a comprehensive benefits package and opportunities for professional growth, certification support, and increasing engagement leadership responsibilities.

Pay: $97,683.32 – $117,640.13 per year

Benefits:

• Flexible schedule
• Paid time off

Experience:

• SOC Audit: 2 years (Required)

Work Location: Remote