Telework and Falls Church VA office. Non-local travel (up to 25%) will be required after COVID-related restrictions are lifted.
BS/BA degree required; Computer Science or Information Systems degree preferred.
CISA or CISSP
3-6+ years performing IT audits / examinations / reviews is required. Relevant experience with NIST SP800-53r4, NIST RMF, ISO 27001, SOC 2, SSAE18, FIPS-199, and FIPS-200 desired.
ACTIVE DoD SECRET or higher clearance is required to be considered for this position.
- IT Documentation and audit report experience with standards such as NIST SP800-53r4, NIST RMF, ISO27001, HIPAA, HITRUST, SOC 2 reports, FedRAMP, NIST SP800-171r1.
- Reviewing reports such as System Security Plan (SSP), System Interface Agreements, Security Assessment Reports (SAR), SOC 2 Attestation Reports, NIST RMF package/documentation, STIG results/reports, Vulnerability Assessment/Reports, IT and Information Security Policy/Procedure documentation, Security Test & Evaluation (ST&E) reports, Security Control mapping documentation, DOD Cloud Computing Security Requirements Guide (SRG), Risk Assessment and Management documentation, Incident Response Plan, Disaster Recovery Plans (DRP), Business Continuity documentation (COOP), Concepts of Operations (CONOPS) documentation, Plans of Actions and Milestones (POA&Ms), etc.
- Management Experience in IT and Cyber Audits.
- Writing/documentation related to large scale information technology systems, preferably for federal information systems.
- Strong organizational skills including management of IT projects.
- Strong interpersonal skills / experience working with project managers, technical writing teams, system engineers, developers, and customers.
Job Duties and Responsibilities:
- Work with client management and staff at all levels to perform audit services: planning, execution, supervision and completion of audit, examination, or consulting services.
- Regularly communicate with client management and process owners.
- Identify and communicate auditing matters / issues to junior associates, managers and partners.
- Gain comprehensive understanding of client operations, information systems, authorization boundaries, system boundaries, business processes, and business objectives and utilize that knowledge on engagements.
- Review and evaluate information system risks, document and assess security controls, document and assess data flows.
- Information System Categorization processes (FIPS-199/FIPS-200).
- Risk Management Framework (RMF) documentation.
- Security Assessment Report (SAR) documentation.
- Security Test and Evaluation (ST&E) documentation.
- Perform System Security Assessments.
- NIST SP800-53r4 control reviews.
- Review and generate reports based on the FISCAM methodology.
- Review Security Technical Implementation Guides (STIGs), DOD Cloud Security Requirement Guides (SRG), Vulnerability Assessments, System Security Plans (SSP), and Plan of Actions and Milestones (POA&M) artifacts.
- Work with partners and managers to determine proper treatment of various issues that arise during an audit.
- Develop audit reports and client deliverables.
- Review client deliverables and audit report documentation.
- Maintain a good working relationship with clients to enhance customer satisfaction.
- Participate in and mentor others in the day-to-day execution of one or more engagements.
- Adhere to the highest degree of professional standards and strict client confidentiality.
- Assist in the development of proposals and thought leadership documentation.
- US Citizenship. Fully adjudicated DoD Clearance at the SECRET level or higher.
- Unable to work with 3rd party candidates or agencies.
- Only residents local to the Northern VA, DC, MD area will be considered.