Information Security Auditor (Consulting | AI & Automation)

Porto

Roboyo is a category shaper in Agentic Automation. We help leading brands embed autonomous, AI‐powered agents into their workflows, processes, products and services so they can scale faster and operate smarter.

Built on a strong automation heritage, we focus on seamless integration of AI into enterprise-level organizations, not just proving concepts, but owning outcomes and driving value in every industry we are present. At Roboyo, you'll join a global team of builders, consultants and engineers that are top practitioners of taking solutions to the next level for clients in pursuit of excellence.

We're looking for an Information Security Auditor (Consulting) to help our clients assess, improve, and evidence their security posture—especially where automation, AI solutions, cloud platforms, and modern engineering practices (CI/CD, DevSecOps) are involved.

This role is client-facing and combines audit execution, security assurance, and advisory.
You will lead and contribute to security audits, control assessments, and compliance readiness engagements (e.g., ISO 27001, NIST, SOC 2), and you'll partner with delivery teams to embed security controls into automation and AI-enabled processes.

What You'll Do (Responsibilities)

1) Deliver Client Audits & Security Assessments

- Plan and execute risk-based security audits and control assessments for clients (internal controls, cloud, apps, DevOps, automation platforms, and third parties).
- Define audit scope, objectives, criteria, testing approach, and sampling aligned to standards and frameworks such as: ISO/IEC 27001/27002, NIST CSF / 800-53, CIS Controls, SOC 2, COBIT
- Perform fieldwork:
  - Evidence gathering, interviews, walkthroughs
  - Vulnerability & patch management review
  - Data protection controls verification (where relevant)
- Maintain high-quality working papers, traceability, and repeatable audit methodology.

2) Audit Readiness & Compliance Advisory (Consulting-led)

- Support client readiness for ISO 27001 certification, surveillance audits, and customer assurance requests.
- Assess regulatory and contractual security requirements relevant to client context (e.g., GDPR security requirements; NIS2 applicability depending on sector).
- Provide pragmatic remediation guidance:
  - Prioritized improvement plans
- Conduct follow-up and verify remediation closure.
- Assess how security is implemented in automation and AI/ML-enabled workflows, including:
  - Secure automation (RPA / workflow orchestration), bot identities, credential vaulting, segregation of duties
  - AI governance & risk controls (data lineage, model risk, prompt/data access controls, monitoring)
  - Secure SDLC / DevSecOps controls: CI/CD, code scanning, secrets management, artifact integrity
- Review controls for:
  - Cloud environments (Azure/AWS/GCP), M365 security posture
  - API security and integration patterns used in automation
  - Identity & Access Management (IAM), privileged access, MFA, conditional access
  - Logging, monitoring, SIEM integration, incident response runbooks

4) Third-Party & Supplier Security (a key consulting stream)

- Perform supplier/third-party security assessments (questionnaires + evidence-based validation).
- Help clients establish third-party assurance models and risk scoring approaches.
- Support vendor onboarding security checks and contract security clauses alignment.

5) Client Communication, Reporting & Executive Storytelling

- Audit reports with findings, risk ratings, impact, and recommendations
- Control matrices, evidence trackers, remediation plans
- Board/CISO/CIO-ready summaries
- Present results to client stakeholders and facilitate workshops to align on remediation plans.

6) Contribute to Growth (Consultancy DNA)

- Support pre-sales by contributing to:
  - Proposals and statements of work (SOWs)
  - Effort estimates, delivery plans, and approach decks
  - Discovery sessions and scoping calls
- Help build our service offering: templates, accelerators, audit checklists, automation of evidence collection, and knowledge base.

What We're Looking For (Required)

Experience & Knowledge

- 3+ years in one or more: Information Security, IT Audit, GRC, Security Assurance, or Security Engineering (adjustable by seniority).
- Proven experience conducting security control testing and writing audit-ready documentation.
- Working knowledge of at least one framework/standard: ISO/IEC 27001, NIST, CIS, COBIT, SOC 2
- Strong understanding of common security domains: IAM/PAM, logging/monitoring, incident response, vulnerability management, change management, backups/BCDR

Consulting & Soft Skills

- Comfortable in client-facing environments: workshops, interviews, challenging respectfully, influencing.
- Strong report writing and the ability to translate technical issues into business risk.
- Excellent organization, time management, and ability to handle multiple engagements.

Language

- English (professional fluency required).
- Portuguese is a strong plus (or required if your client base is PT‐centric).

Nice-to-Haves (Highly Valued in Our Context)

- Certifications:
- Experience with:
  - Microsoft security stack (Defender, Sentinel, Purview)
  - DevSecOps / CI/CD auditing and secure SDLC
  - Third-party risk management programs
- Exposure to AI governance frameworks, model risk, or security aspects of AI systems.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.