Information Security Specialist for BA's client (B2B contract)

Baltic Amadeus is a technology partner helping organisations build and scale their IT solutions. With a team of 300+ IT professionals, we turn complexity into systems that actually work.

Our expertise spans the full IT lifecycle, from IT consulting and custom software development to mobile app development, mobile banking, cyber security, including penetration testing, and web portal development. We create internal systems and customer-facing platforms, including mobile applications, self-service, eCommerce, and banking solutions.

Our team has proven experience in industries where reliability and compliance are critical, such as banking and finance, public sector, telecommunications, logistics, and insurance.

With 37+ years in the industry, we partner with clients across the globe, including Fortune 500 and Forbes Global 2000 companies, helping them achieve measurable business results.

Project/Client: Critical Infrastructure / Public Sector

Location: Lithuania

Start Date: ASAP

Duration: 3 months with possible extension

Language: Lithuanian

Baltic Amadeus client is looking for an experienced Cybersecurity Auditor to join the team under a B2B (business-to-business) contract to conduct a formal cybersecurity audit of 22 critical systems — including industrial, information, and technical infrastructure — on behalf of a regulated critical infrastructure entity. The audit must be performed in accordance with the NKSC-approved methodology (Order No. 1-25, 2026-02-24) and the Lithuanian Cybersecurity Law (KSĮ), Article 14(8). The engagement covers technical and organisational control assessment, maturity evaluation, and delivery of audit-grade documentation with qualified electronic signatures.

Key Responsibilities

• Conduct interviews with system administrators and review evidence across 22 significant systems, assessing compliance with KSĮ using a 3-level maturity scale.
• Evaluate baseline cybersecurity controls, identify non-conformities, and provide a remediation action plan.
• Prepare and agree on an Audit Plan within 3 weeks of contract signing, delivering an interim report within 45 calendar days and a final draft no later than 10 working days before the deadline.
• Present findings at a closing meeting and ensure full audit-grade documentation signed with qualified electronic signatures.
• Maintain full independence, impartiality, and conflict of interest compliance throughout the engagement.
  
  

Requirements

• Certified information systems security compliance auditor from an internationally recognised organisation (e.g., CISA, ISO 27001 Lead Auditor, or equivalent).
• Completion of NKSC-prescribed training and passing of the qualification examination.
• Full compliance with NKSC independence, impartiality, and integrity requirements as defined in the audit methodology.
• Team of up to 3 auditors — all members must meet minimum qualification requirements; auditors must not manage or operate any of the systems being assessed.
• Strong knowledge of KSĮ, NIS2-aligned frameworks, and applicable Lithuanian regulatory requirements.
• No conflict of interest with the audited entity — any conflict must be reported in writing within 5 calendar days.
  
  

Hourly salary: up to 80 euros (Gross). If you have different expectations, please let us know — we are open to discussing compensation based on your skills and experience.