Roles: Jr/Mid/Senior Auditors
Location: Remote (Must be available to work EST hours)
Duties & Responsibilities:
- Execute FISMA CIO annual reporting and external and internal IT audit data calls, reviews, coordination and reporting. Provide system administration support to the GRC module, to include upgrades, patching, and account management.
- Developing strategy for the security audit team in coordination with compliance, system teams, executive teams, and other key stakeholders.
- Developing and maintaining execution the master audit schedule
- Leading and conducting audit meetings as required
- Coordinate, develop response, and manage IT audit reporting requirements in coordination with Senior Auditor
- 4 year degree (Bachelors Degree) from an accredited College or University in Business/Engineering
- Minimum of 10 years of experience in listed tasks - 3+ years of experience for Jr. level
- Certified Information Systems Auditor (CISA)
- Must have or be eligible to obtain a Public Trust Clearance
- Experience with RMF and applying the NIST Cybersecurity Framework.
- Experience using CSAM.
- Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
- Solid understanding of FISMA CIO reporting requirements.
- Solid understanding of IT audit requirements.
- Experience with Federal Risk and Authorization Management Program (FedRAMP).
- Experience with auditing systems and applications deployed in local and cloud environments following federal guidelines and best practices.
- Ability to work with cooperatively and at a technical level with developers, engineers, and managers on system teams.
- Knowledge of computer networking concepts, protocols, and network security methodologies.
- Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.
- Knowledge of current and past cybersecurity threats and vulnerabilities.
- Ability to effectively manage and prioritize multiple tasks and duties simultaneously while effectively coordinating and ensuring that scheduled delivery dates and milestones are achieved.
- Able to communicate effectively in a accurate and concise manner through written and verbal means to system teams and product and cybersecurity leadership.
- Ability to take initiative on assigned systems and related tasks and work with minimal supervision.
- Ability to work and collaborate as part of an integrated team with diverse backgrounds.