It is always hard to vet a vendor, but cyber audit vendors may pose more difficult challenges. Here are a few designations that should help determine their worthiness.
Are they members of ISSA or ISACA?
Do they hold the CISSP desingation?
Follow the ISO 27000 series for these types of audits.