Information Systems Auditor

Are you passionate about technology and enjoy explaining complex solutions in a way that everybody gets excited? If so, read on!
About Picus
Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing, and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort.
The Picus Security Validation Platform easily reaches across on-prem environments, hybrid clouds and endpoints coupled with Numi AI to provide exposure validation. 
The pioneer of Breach and Attack Simulation, Picus delivers award-winning threat-centric technology that allows teams to pinpoint fixes worth pursuing, offering a 95% recommendation in Gartner Peer Review.
About The Role
If you’re a results-driven person with an entrepreneurial mindset who takes the initiative and thrives in a dynamic environment, then this is a great opportunity to play a pivotal role in a fast-growing cyber security company. We are looking for a smart and driven individual to have a direct impact on the future of our business by helping to influence the global adoption of our award-winning Picus Security Validation Platform.
We are seeking an Information Systems Auditor to join our Information Security Practice Team. The ideal candidate will contribute to the governance, audit, compliance, and continuous improvement of company policies and processes in alignment with international standards and frameworks.
In this context, the Information Systems Auditor supports the effectiveness and continuity of the certificates and the requirements that Picus has, and the governance-risk-audit frameworks it follows, and also ensures follow-up and management in all audit issues and documentation for process owners and end-users.
Picus is headquartered in Ankara, with a regional office in Istanbul, but our team is remote across Türkiye. Please note that all CVs must be submitted in English.

What You'll Do

• Manage, support, and oversee compliance activities related to global certifications (e.g., ISO/IEC 27001, 22301, 27701, 20000-1, etc) and regulatory frameworks (i.e., SOC 2, NIST CSF, CSA Star, etc)
• Audit, monitor, and improve policies and processes related to: Information Security, Business Continuity, Privacy Governance and Risk Management
• IT service management
• Cloud application security and SaaS vendor compliance
• Participate in Cloud/SaaS security assessments, risk reviews, and vendor due diligence as part of the TPRM program
• Represent the company in second and third-party audits, including customer audits and cloud vendor evaluations
• Respond to RFPs and customer security questionnaires with accurate and comprehensive compliance input to ensure compliance and mitigate risk
• Maintain, evaluate, and expand upon existing certifications and frameworks to align with business needs and the technology landscape
• Define and track key compliance and audit metrics to measure control effectiveness and report findings to relevant stakeholders
• Support the development and delivery of privacy and information security awareness programs
• Conduct internal audits to assess compliance, identify potential gaps, and recommend and track corrective actions
• Shows genuine interest in emerging technologies such as AI, ML, and automation and stays informed on how these technologies impact risk, privacy, governance, and security frameworks
• Collaborate with business units to ensure process alignment with standards, contracts, and legal requirements.

What You Have

• 3+ years of hands-on experience in audit, compliance, risk management, or information security — ideally within a technology, SaaS, internal controls, or cloud-driven environment
• Experience with ISO/IEC standards (27001, 27701, 22301, 20000-1), ISACA CISA Domains and SOC 2, including preparation, audit coordination, and evidence management
• Familiarity with TPRM programs, vendor due diligence, and customer-facing compliance processes
• Familiarity with relevant international security and privacy related regulations, such as GDPR and CCPA, and compliance processes
• Demonstrated ability to manage multiple audits or compliance projects in parallel
• Strong verbal and written communication skills in English, including documentation and policy writing.