| Requirement | Details |
|---|---|
| Education | BS/BA degree required; Computer Science or Information Systems degree preferred. |
| Certifications | CISA certification preferred. |
| Experience | 3+ years performing IT audits, examinations, and reviews required. |
| Clearance | ACTIVE DoD SECRET or higher clearance is required. |

Related experience should include:
- IT Documentation and audit report experience with standards such as NIST SP800-53, NIST RMF, SOC 2 reports.
- Service Organization Control SOC 2 Audit and/or preparation experience.
- Audit experience with OMB Circular A-123, NIST 800-53/RMF, and the Federal Information System Controls Audit Manual (FISCAM) (guidance for testing).
- Auditing legacy technologies such as mainframes.
- Relevant experience with SSAE 18, FIPS-199, and FIPS-200 desired.
- Reviewing System Security Plan (SSP), System Interface Agreements, Security Assessment Reports (SAR), SOC 2 Attestation Reports, NIST RMF package/documentation, IT and Information Security Policy/Procedure documentation, Security Control mapping documentation, DOD Cloud Computing Security Requirements Guide (SRG), Risk Assessment and Management documentation, Incident Response Plan, Disaster Recovery Plans (DRP), Business Continuity documentation (COOP), and Concepts of Operations (CONOPS) documentation.
- Management Experience in IT and Cyber Audits.
- Writing and documentation related to large-scale federal information technology systems.
- Strong organizational skills, including management of IT projects, and strong interpersonal skills, with experience working with project managers, technical writing teams, system engineers, developers, and customers.
- Work with client management and staff at all levels to perform audit services: planning, execution, supervision, and completion of audit, examination, or consulting services.
- Regularly communicate with client management and process owners.
- Identify and communicate auditing matters and issues to junior associates, managers, and partners.
- Review and generate reports based on the FISCAM methodology.
- Gain a comprehensive understanding of client operations, information systems, authorization boundaries, system boundaries, business processes, and business objectives, and apply that knowledge on engagements.
- Review and evaluate information system risks; document and assess security controls; document and assess data flows.
- Information System Categorization processes (FIPS-199/FIPS-200).
- Risk Management Framework (RMF) documentation.
- Perform System Security Assessments.
- NIST SP800-53r4 control reviews.
- Work with partners and managers to determine proper treatment of various issues that arise during an audit.
- Develop audit reports and client deliverables.
- Review client deliverables and audit report documentation.
- Maintain a good working relationship with clients to enhance customer satisfaction.
- Participate in, and mentor others in, the day-to-day execution of one or more engagements.
- Adhere to the highest degree of professional standards and strict client confidentiality.
- Assist in the development of proposals and thought leadership documentation.
- Fully adjudicated DoD Secret clearance and U.S. citizenship required (dual citizens are not authorized).
- Unable to work with third-party candidates or agencies.
- Only residents local to the Northern VA, DC, and MD area will be considered.