Cybersecurity Risk Auditor

Cybersecurity Risk Auditor

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

We are seeking a Cybersecurity Risk Auditor to join our Internal Audit team. This role is ideal for a technology auditor who is naturally curious, enjoys understanding how complex systems work, and is motivated to dig deeper to identify emerging and non?obvious risks, particularly in cybersecurity and cloud?based environments.

In this role, you will support the execution of a risk?aligned, forward?looking internal audit program focused on technology, cybersecurity, and digital risk. You will assess control design and effectiveness, investigate how risks manifest in real?world scenarios, and contribute insights that strengthen governance and resilience across the organization. The position offers broad exposure to modern technology domains while helping evolve Internal Audit into a strategic, technology?enabled business partner.

Primary Responsibilities:

• Execute technology, cybersecurity, and digital risk audit engagements as part of a risk?based internal audit plan
• Perform audit fieldwork aligned to defined objectives while applying professional skepticism and curiosity to identify risks beyond standard audit procedures
• Assess the design and operating effectiveness of controls across technology domains including cloud infrastructure, identity and access management, network security, application security, logging and monitoring, vulnerability management, and incident response
• Go beyond "check?the?box" testing to understand how systems actually operate, where controls may fail, and how risk could evolve as the business and technology landscape change
• Conduct stakeholder interviews and walkthroughs to understand system architecture, processes, and risk trade?offs
• Identify, document, and analyze audit observations, including root causes and potential business or customer impact
• Prepare clear, concise, and well?supported workpapers in accordance with Internal Audit standards and methodologies
• Contribute to audit reporting by summarizing findings, insights, and risk themes in a way that is meaningful to both technical and non?technical stakeholders
• Partner with technology, security, and business stakeholders to validate observations and support effective remediation
• Track audit issues and support follow?up activities to promote timely and sustainable risk mitigation
• Support Internal Audit activities beyond core audits, including risk assessment, audit planning, advisory engagements, and continuous improvement initiatives
• Stay current on emerging technology and cybersecurity risks, threat trends, and evolving industry practices
• Contribute to the ongoing modernization of the Internal Audit function through adoption of improved tools, methodologies, and ways of working

Qualifications:

• Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Engineering, Business, Accounting, or a related field
• Minimum 2+ years of experience in cybersecurity audit, IT audit, or related disciplines within a public accounting firm, public company, or technology?focused organization
• Experience supporting audits or assessments of modern technology environments, including IT general controls, cybersecurity controls, cloud platforms, or SaaS operations
• Professional certifications preferred: CISA, CISSP
• Other relevant certifications considered: CIA, CPA, CISM, CCSP, CRISC

Knowledge, Skills, and Abilities:

• Strong foundational understanding of internal control concepts and their application to technology and business processes
• Familiarity with industry frameworks such as NIST, ISO 27001, COBIT, SOC 2, and COSO
• Analytical mindset with the ability to ask insightful questions, challenge assumptions, and evaluate risk implications
• Demonstrated curiosity and willingness to continuously learn new technologies, platforms, and threat vectors
• Ability to connect technical risks to broader business, operational, and customer impact
• Strong documentation skills, with the ability to clearly articulate work performed and communicate complex topics effectively
• Ability to manage multiple priorities and deadlines in a dynamic, fast?paced environment
• High level of integrity, professionalism, and sound judgment
• Comfort operating in environments where risks are evolving and controls may still be maturing

• Exposure to cloud environments such as AWS, Azure, or GCP
• Familiarity with secure software development practices, DevOps, or DevSecOps pipelines
• Prior experience auditing or assessing cybersecurity programs or security operations

Travel Requirements:

This role requires the ability to travel up to 25% of the time, including international travel