According to our Audit log events in Jira, the only information which is logged by Jira for Issue Security Schemes, is when an user add or remove the entire issue security scheme of a Project. So, currently Jira does not provide logging of any basic or additional events for Issue Security Schemes, so the users who have been added/removed to the Issue level security, is currently not logged in Jira.

From the application logs, it's only logged when the Admin goes to the Issue level security page and make changes, but it does not log which changes were made. Below is an example after adding an user to the Issue level security:

/secure/admin/AddIssueSecurity.jspa [c.a.c.e.c.a.j.i.security.IssueSecurityLevelManagerImpl.projectAndUserToSecurityLevelCache] Cache  com.atlassian.jira.issue.security.IssueSecurityLevelManagerImpl.projectAndUserToSecurityLevelCache was flushed

The suggestion is to increase the logging level for Issue Security Schemes modifications, to log more information on what changes is being made inside it, for audit purposes.