Internal Auditor – SecOps
Bright Defense · SecOps Team · Now Hiring
Internal Auditor
SecOps — Audit Readiness & Continuous Control Monitoring
You’ll play a vital role in supporting our customers’ ongoing audit readiness and continuous monitoring efforts — reviewing controls, validating evidence, and keeping clients informed with clear, professional written communications every step of the way.
About the role
As an Internal Auditor on the Bright Defense SecOps Team, you’ll review security controls, evidence, and documentation to ensure alignment with industry standards and best practices. You’ll collaborate primarily with internal team members across Governance, Security Consulting, Offensive Security, and other SecOps colleagues — while also preparing clear, detailed written reports that keep customers informed of audit progress, findings, and next steps.
Key responsibilities
Audit execution
- Conduct internal audits of security controls and processes, verifying compliance with ISO 27001, SOC 2, NIST CSF, and applicable frameworks
- Review audit evidence, identify gaps, and coordinate remediation with internal stakeholders
- Support audit readiness by validating control effectiveness ahead of customers' external audits
- Maintain up-to-date records of audit findings, status, and corrective actions
Reporting & communication
- Prepare accurate, well-organized audit reports and status updates for customers
- Communicate findings and remediation guidance in clear, professional written form
- Ensure customers stay informed of audit progress, open items, and next steps
- Contribute to improving internal audit procedures, evidence checklists, and tracking systems
Program alignment & collaboration
- Work with Governance, Offensive Security, and SecOps to align audit activities with the overall security program
- Participate in internal meetings to ensure audit tasks align with risk assessments and SecOps goals
- Coordinate remediation tracking across internal stakeholders and client POCs
- Flag emerging control gaps or compliance risks to the assigned Security Consultant
Requirements
Experience & frameworks
- 3–4 years as a GRC Analyst or Internal Auditor in information security, compliance, or risk management
- Familiarity with ISO 27001, SOC 2, NIST CSF, and related security frameworks
- Strong understanding of internal controls, audit processes, and evidence management
- Experience supporting regulated sectors (finance, healthcare, SaaS) a plus
Communication & organization
- Excellent written communication; producing clear, concise customer-facing audit reports is a core requirement of the role
- Strong organizational skills and attention to detail across multiple simultaneous audits
- Proven ability to collaborate across technical and non-technical teams
- Must be available to cover US Eastern and Pacific business hours (8AM–5PM)
Nice to have
- ISO 27001 Internal Auditor, CISA, CISM, or CISSP (Associate) certification
- Familiarity with GRC platforms (Drata, Vanta, Thoropass, or equivalent), security auditing tools, or evidence management software
Tools & platforms
- GRC platforms — Drata, Vanta, Thoropass, or equivalent
- Asana or similar PM tools for audit task tracking
- Google Workspace or Microsoft 365 proficiency
- Evidence management or checklist tooling experience
Why you’ll love this role
- Play a critical part in helping customers maintain a strong, audit-ready security posture across real-world frameworks
- Gain hands-on experience with SOC 2, ISO 27001, NIST CSF, and other compliance programs across diverse client verticals
- Be part of a collaborative SecOps team that values clear communication, trust, and continuous improvement
Compensation & perks
- Competitive base salary — range shared during screening
- Remote-first with flexible hours within the ET/PT coverage window
- Certification reimbursement (CISA, CISM, ISO 27001 Internal Auditor, and others)
- Direct collaboration with Bright Defense co-founders and SecOps leadership
- Broad client exposure across defense, healthcare, and fintech verticals
- Clear path toward ISM or senior GRC roles as you grow