Auditor

About The Position

Requirements

• Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.
• Clearance: TS/SCI (active)
• Candidate must meet ONE: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/Military advanced assessor training (e.g., Security Control Assessor (Advanced) Playlist, DCMA DIBCAC Cybersecurity Assessor Advanced); OR Relevant professional certifications or equivalent experience (examples: CCISO, CISA, CISM, CISSP, CISSP‑ISSEP, CySA+, GSLC, GSNA).
• Minimum 7 years performing cybersecurity audits, control assessments, or compliance work with at least 4 years in DoD/enterprise RMF/CCRI contexts.
• Audit methodology, control testing, evidence collection, report writing, POA&M tracking, and briefing senior leadership.

Nice To Haves

• Prior CCRI/CCRI‑like audit experience and familiarity with eMASS/RMF artifacts
• Experience with vulnerability management tools, automated scanning, and audit evidence toolsets
• Strong written communication and executive briefing skills

Responsibilities

• Plan and execute cybersecurity audits and assessments (controls, processes, documentation, scans) per NIST, RMF, CCRI, and Army standards.
• Review technical and procedural controls, scan/vulnerability results, policies, and operational practices to identify gaps and weaknesses.
• Produce clear, evidence‑based audit findings, risk impact analyses, and prioritized corrective action recommendations.
• Coordinate remediation tracking with ISSOs, ISSMs, system owners, and program compliance leads; verify fixes and update POA&Ms.
• Support preparation of audit packages and evidence for CCRI, RMF/ATO, and inspection activities.
• Maintain audit workpapers, evidence logs, and formal audit reports; brief leadership on findings and risk posture.
• Contribute to continuous improvement by recommending control/process enhancements and compliance best practices.