Cybersecurity Auditor | Contract

We are looking for an independent Cybersecurity Auditor to conduct a formal cybersecurity audit of 22 critical systems, covering industrial systems, information systems, and technical infrastructure for a regulated critical infrastructure environment. The audit will follow the NKSC-approved methodology and the Lithuanian Cybersecurity Law (KSĮ), with a focus on technical and organisational control assessment, maturity evaluation, and audit-grade documentation supported by qualified electronic signatures.

Key Responsibilities:

• Conduct interviews with system administrators and review evidence across 22 critical systems.
• Assess compliance with KSĮ using a 3-level maturity scale.
• Evaluate baseline cybersecurity controls, identify non-conformities, and prepare a remediation action plan.
• Prepare and agree on an Audit Plan within the required timeline, including interim and final audit reporting.
• Present findings during a closing meeting and deliver complete audit-grade documentation signed with qualified electronic signatures.
• Maintain full independence, impartiality, and conflict-of-interest compliance throughout the engagement.

Must-Have Requirements:

• Certified information systems security compliance auditor from an internationally recognised organisation, such as CISA, ISO 27001 Lead Auditor, or equivalent.
• Completion of NKSC-prescribed training and successful qualification examination.
• Strong knowledge of KSĮ, NIS2-aligned frameworks, and applicable Lithuanian regulatory requirements.
• Full compliance with NKSC independence, impartiality, and integrity requirements.
• Ability to work as part of a team of up to 3 auditors, with all members meeting minimum qualification requirements.
• No operational or management responsibility for any systems being assessed.
• No conflict of interest with the audited entity, with any conflict reported in writing within the required timeframe.