Cybersecurity Auditor/IT Firewall Auditor - Hybrid

The selected candidate will work closely with Gwinnett County Internal Audit leadership to perform hands-on cybersecurity and IT control assessments, develop audit documentation, conduct technical testing, and provide practical security recommendations. This role requires a strong mix of technical cybersecurity knowledge, audit methodology, and professional communication skills. This is a hybrid role with a combination of remote work and onsite work at Gwinnett County offices in Lawrenceville, GA as needed . Key Responsibilities Perform IT and cybersecurity audits across various operational and technical environments Conduct firewall and network security reviews, including rule analysis and segmentation validation Evaluate controls related to: Patch management Logging and monitoring Administrative access Vulnerability management Incident response Change management Security architecture User access controls Develop Risk Control Matrices (RCMs), walkthrough documentation, narratives, and detailed workpapers Perform manual testing and analysis without reliance on automated tools Review and analyze firewall configurations, security logs, and system evidence Work directly with County personnel to identify and document controls in environments with limited existing documentation Draft findings, observations, recommendations, and audit reports Maintain audit documentation within SharePoint and County project management tools Participate in audit walkthroughs, interviews, and status meetings Collaborate with Internal Audit leadership to prioritize risk areas and manage audit timelines Required Qualifications 5+ years of experience conducting IT audits, cybersecurity audits, or internal audits Experience performing hands-on technical control testing Strong understanding of cybersecurity concepts and enterprise IT controls Experience with firewall/security technologies such as Palo Alto, Cisco, or similar platforms Experience evaluating: Access controls Security logging Network segmentation Patch/vulnerability management Change management Strong documentation and audit workpaper skills Ability to communicate technical issues to both technical and non-technical stakeholders Experience working independently with minimal supervision Proficiency with Microsoft Office and SharePoint Preferred Qualifications CISA, CISSP, CISM, Security+, CEH, or similar certifications Public sector or government audit experience Experience with CIS Controls and NIST frameworks Experience reviewing SIEM logs and security monitoring controls Experience conducting firewall/security architecture assessments Work Environment Hybrid onsite/remote role Onsite meetings and fieldwork may be required within Gwinnett County facilities Flexible workload based on audit phases and County priorities Must be comfortable working in collaborative audit environments with evolving requirements