IT Audit Advisory Consultant with Security Clearance
Apply NowCompany: Knowledge Systems, LLC
Location: Herndon, VA 20170
Description:
The candidate will be responsible for:
Design, develop, and implement IT corrective action plans (CAPs) for self-identified deficiencies (SIDs) and external IPA findings
Perform CAP validation testing for completed remediation activities
Perform baseline review assessments (e.g., FISCAM) to assess system readiness and remediate identified deficiencies
Monitor, track, and report on IT CAP statuses and third-party risk management (e.g., service providers)
Develop risk-based approaches for prioritization of IT findings
Perform advisory services for risk management framework (RMF) activities to support system team IT control implementations in accordance with financial management overlay
Integrate leading practices for IT audit remediation Required Qualifications:
Must be a U.S. Citizen
Active TS/SCI clearance adjudication, and ability to pass a CI poly
8 years of relevant experience and a Bachelors degree appliable to the position from an accredited college or university is required. A Masters degree relevant to the position may be substituted for two (2) years of additional experience. Four (4) years of additional IT audit advisory experience may be substituted for a bachelors degree.
Experience with effective policy, instruction, and development for Federal or DoD Information Security Programs
Experience with risk analysis and assessment determinations incorporating system/mission owner, and unique operational constraints
Experience with Xacta
Ability to understand IT audit finding recommendations to translate those requirements to functional/technical stakeholders
Ability to understand business processes to develop and implement new controls to mitigate or remediate identified IT audit gaps Preferred Qualifications:
Ability to learn IT general controls (ITGC), Financial Information System Control Audit Manual (FISCAM), and National Institute of Standards and Technology Special Publication (NIST) 800-53v4
Experience with Security Control Assessment in compliance with NIST SP 800- 37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series
Experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usage
Familiar with Configuration Management
Excellent attention to detail, organizational skills, and ability to multitask
Strong verbal and written interpersonal, communication, and presentation skills
Strong critical thinking and problem-solving skills
Hold active Security+, CISSP, CISA, or equivalent certifications (DoD 8570 IAM 2 equivalent)
Design, develop, and implement IT corrective action plans (CAPs) for self-identified deficiencies (SIDs) and external IPA findings
Perform CAP validation testing for completed remediation activities
Perform baseline review assessments (e.g., FISCAM) to assess system readiness and remediate identified deficiencies
Monitor, track, and report on IT CAP statuses and third-party risk management (e.g., service providers)
Develop risk-based approaches for prioritization of IT findings
Perform advisory services for risk management framework (RMF) activities to support system team IT control implementations in accordance with financial management overlay
Integrate leading practices for IT audit remediation Required Qualifications:
Must be a U.S. Citizen
Active TS/SCI clearance adjudication, and ability to pass a CI poly
8 years of relevant experience and a Bachelors degree appliable to the position from an accredited college or university is required. A Masters degree relevant to the position may be substituted for two (2) years of additional experience. Four (4) years of additional IT audit advisory experience may be substituted for a bachelors degree.
Experience with effective policy, instruction, and development for Federal or DoD Information Security Programs
Experience with risk analysis and assessment determinations incorporating system/mission owner, and unique operational constraints
Experience with Xacta
Ability to understand IT audit finding recommendations to translate those requirements to functional/technical stakeholders
Ability to understand business processes to develop and implement new controls to mitigate or remediate identified IT audit gaps Preferred Qualifications:
Ability to learn IT general controls (ITGC), Financial Information System Control Audit Manual (FISCAM), and National Institute of Standards and Technology Special Publication (NIST) 800-53v4
Experience with Security Control Assessment in compliance with NIST SP 800- 37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series
Experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usage
Familiar with Configuration Management
Excellent attention to detail, organizational skills, and ability to multitask
Strong verbal and written interpersonal, communication, and presentation skills
Strong critical thinking and problem-solving skills
Hold active Security+, CISSP, CISA, or equivalent certifications (DoD 8570 IAM 2 equivalent)