• IT Audit Lead/Internal Controls Tester

    E-volve Technology Systems, Inc. (Reston, VA)


    IT Audit Lead/Internal Controls Tester

     

    Reston, VA

     

    Security Clearance Requirement: Current TS/SCI

     

    Location Note: On-Site Support Required

    Position Description:

    An IT Audit Lead/Internal Controls Tester is responsible for overseeing the planning, coordination, and execution of audit projects to ensure compliance with IT standards, policies, and regulations. They provide guidance to the audit team and manage project timelines.  Responsibilities also include (1) evaluating Financial and enterprise IT systems and processes in place that secure data. (2) Determine risks to the information assets and help identify methods to minimize those risks. (3) Ensure information management processes follow National Institute of Standards and Technology (NIST) and IC policies and Government Accountability Office (GAO) audit standards. (4) Determine inefficiencies in IT systems and associated management. Solid understanding of Risk Management Framework, Federal Information System Management Act of 2002 (FISMA) and Federal Information System Controls Audit Manual (FISCAM) to assess IT operational systems.

    Duties & Responsibilities:

    The It Audit Lead/Internal Controls Tester will have a role in working directly with clients and other organizational stakeholders to support IT internal control efforts, including audits/assessments, remediation, and other ad-hoc efforts. Specific duties and responsibilities:

     

    + Coordinate with CIO stakeholders to develop a strategy to identify and catalog CIO business/operational processes.

    + Collaborate with enterprise stakeholders to provide recommended responses to OIG reports

    + Advise on the preparation of the Annual Statement of Assurance (SOA) in accordance with the Office of Under Secretary of Defense for Intelligence (OUSDI) guidance.

    + Provide Audit Liaison advisory support to External Audits/Inspections performed by the DIA Office of Inspector General (OIG).

    + Provide Advisory support to the CIO Risk Champion, CIO Risk Owners/Leads and the Strategic Policy and Planning Office on, Information Security, and business areas to improve effectiveness and efficiency of risk management activities.

    + Provide Advisory support to the CIO on preparation for any Enterprise Risk Management related examinations conducted by external parties such as regulatory agencies any potential internal audit.

    + Provide strategic direction for IT audit activities, ensuring alignment with enterprise risk management.

    + Develop and maintain audit policies, procedures, and standard operating guidelines.

    + Mentor, coach, and lead internal audit staff or contractors as applicable.

    + Performing rigorous audits/assessments of IT controls using industry-standard guidance and leading practices

    + Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators

    + Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings

    + Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement

    + Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion

    + Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel

    + Planning and executing day-to-day activities of IT controls assessments individually and for the team

    + Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans

    + Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel

    Job Requirements:

    + Experience in Audit and Internal Controls with the Intelligence Community (preferred) or DoD government agencies.

    + Understanding of commonly used internal control and information technology frameworks, including Control Objectives for Information and Related Technologies (COBIT). International Organization for Standardization (ISO) 27001, NIST Cybersecurity Framework, Information Technology Infrastructure Library (ITIL).

    + Extensive knowledge in relevant information technology field such as, Information Security, Cybersecurity, Windows 0365, databases (Oracle, Structured Query Language (SQL)), Cloud Services, 3rd Party hosted services, Patch Management, Application Development, Software Development Lifecycle (SDLC), Project Management, Firewalls, Business Continuity, and IT Operations.

    + Experience working with Enterprise Resource Planning (ERP) systems is a plus (e.g., SAP).

    + Extensive knowledge of the IC and IT policy and procedures relating to the Risk Management Framework and IT Audits.

    + Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of IT audit, the FISCAM, and other relevant federal information assurance laws, regulations, and guidance.

    + Experience performing IT audits, OMB Circular A-123 or similar internal control assessments, and/or remediating and implementing IT controls is preferable. Experience testing or remediating some or all the following IT controls topic areas is preferable:

    + Access and account management, including authorization, provisioning, recertification, and separation

    + Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege

    + Technical account management controls, such as password length, complexity, and expiration

    + Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review

    + Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks

    + Change management, including authorization, development, testing, and deployment of changes

    + Contingency planning, including backups, testing of backups, and alternate sites

    Recommended:

    + Experience performing: Federal Information System Controls Audit Manual (FISCAM), Financial Improvement Audit Remediation (FIAR) and Federal Information Security Management Act (FISMA) security reviews

    + CISA or CIA certification

    + 1-2 years of Federal or DOD IT audit experience

    Education

    + High School Diploma/GED and 12 years of experience

    + Bachelor’s degree and 5 years of experience

     

    E-volve Technology Systems salaries are determined by various factors, including but not limited to location, the candidates’ education, skills, experience, and competencies, as well as contract-specific funding and organizational requirements. The projected compensation range for this position is $172,000 to $192,000 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of E-volve's total compensation package for employees.

     

    E-volve Technology Systems, Inc. provides Mission Operations, Information Technology Management, and Intelligence Analysis support services to advance National Security and other Federal Government programs within the Department of Defense (DoD), Intelligence, and Civilian government agencies. For more information please visit us at www.e-volvetechsystems.com.

     

    E-volve Technology Systems, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. We comply with Form I-9 identity and legal work authorization requirements for Employment Eligibility Verification in accordance the Immigration Reform and Control Act of 1986 (IRCA). E-volve Technology Systems, Inc. offers fair and competitive compensation and benefits to all eligible employees. Salaries are dependent upon a wide range of factors including position requirements, customer/program needs, individual qualifications, education, experience, certification and/or training, location, and other job-related factors.

     

    Please email any questions to: [email protected]

     

    Powered by JazzHR