Information Systems Auditor

Are you passionate about technology and enjoy explaining complex solutions in a way that everybody gets excited? If so, read on!
About PicusPicus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing, and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort.
The Picus Security Validation Platform easily reaches across on-prem environments, hybrid clouds and endpoints coupled with Numi AI to provide exposure validation. 
The pioneer of Breach and Attack Simulation, Picus delivers award-winning threat-centric technology that allows teams to pinpoint fixes worth pursuing, offering a 95% recommendation in Gartner Peer Review.
About The RoleIf you’re a results-driven person with an entrepreneurial mindset who takes the initiative and thrives in a dynamic environment, then this is a great opportunity to play a pivotal role in a fast-growing cyber security company. We are looking for a smart and driven individual to have a direct impact on the future of our business by helping to influence the global adoption of our award-winning Picus Security Validation Platform.
We are seeking an Information Systems Auditor to join our Information Security Practice Team. The ideal candidate will contribute to the governance, audit, compliance, and continuous improvement of company policies and processes in alignment with international standards and frameworks.
In this context, the Information Systems Auditor supports the effectiveness and continuity of the certificates and the requirements that Picus has, and the governance-risk-audit frameworks it follows, and also ensures follow-up and management in all audit issues and documentation for process owners and end-users.
Picus is headquartered in Ankara, with a regional office in Istanbul, but our team is remote across Türkiye. Please note that all CVs must be submitted in English.

What You'll Do

• Manage, support, and oversee compliance activities related to global certifications (e.g., ISO/IEC 27001, 22301, 27701, 20000-1, etc) and regulatory frameworks (i.e., SOC 2, NIST CSF, CSA Star, etc)
• Audit, monitor, and improve policies and processes related to:
Information securityBusiness continuityPrivacyGovernance and risk managementIT service managementCloud application security and SaaS vendor compliance
• Participate in Cloud/SaaS security assessments, risk reviews, and vendor due diligence as part of the TPRM program
• Represent the company in second and third-party audits, including customer audits and cloud vendor evaluations
• Respond to RFPs and customer security questionnaires with accurate and comprehensive compliance input to ensure compliance and mitigate risk
• Maintain, evaluate, and expand upon existing certifications and frameworks to align with business needs and the technology landscape
• Define and track key compliance and audit metrics to measure control effectiveness and report findings to relevant stakeholders
• Support the development and delivery of privacy and information security awareness programs
• Conduct internal audits to assess compliance, identify potential gaps, and recommend and track corrective actions
• Shows genuine interest in emerging technologies such as AI, ML, and automation and stays informed on how these technologies impact risk, privacy, governance, and security frameworks
• Collaborate with business units to ensure process alignment with standards, contracts, and legal requirements.

What You Have

• 3+ years of hands-on experience in audit, compliance, risk management, or information security — ideally within a technology, SaaS, internal controls, or cloud-driven environment
• Experience with ISO/IEC standards (27001, 27701, 22301, 20000-1) and SOC 2, including preparation, audit coordination, and evidence management
• Familiarity with TPRM programs, vendor due diligence, and customer-facing compliance processes
• Familiarity with relevant international security and privacy related regulations, such as GDPR and CCPA, and compliance processes
• Demonstrated ability to manage multiple audits or compliance projects in parallel
• Strong verbal and written communication skills in English, including documentation and policy writing.

Working at PicusFascinating work - a chance to shape and lead an exciting, fast-growing cyber security segment. Security Validation is a concept that helps organizations evaluate their security posture in a continuous, automated, and repeatable way. This approach allows for the identification of imminent threats, provides recommended actions, and produces valuable metrics about cyber-risk levels.
Unlimited opportunity! We are growing. At Picus, you'll be provided with as much responsibility as you can handle - new career development opportunities constantly arise given our rate of growth.
Global exposure - Get a lot of experience working not only in a fast-growing startup but also interact with customers all around the world.
Be part of a global remote team who is taking on Exposure Validation and a growing market segment.

We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to age, sex, race, color, national origin, religious belief, gender or gender reassignment, sexual orientation, marriage or civil partnership, pregnancy and maternity, disability, protected veteran status, or any other characteristic protected by International law.  Upon conditional offer of employment, candidates are required to complete reference and identity checks in line with local labor laws and as per the Company’s employment policy.