IT and Cyber Risk Auditor Principal

About The Position

Requirements

• 8+ years of progressive experience to an intermediate level in IT audits, cybersecurity risk management, or information assurance.
• TS/SCI w/CI poly.
• Security+CE.
• Expertise with cybersecurity and IT control frameworks and compliance requirements.
• Experience conducting complex IT and cybersecurity audits in government or federal contracting environments.
• Experience with cloud security risk assessments and modern technologies
• Clear and effective communication skills with the ability to influence technical and executive audiences.
• Ability to multi-task, prioritize, and re-prioritize work in a fast-paced environment.
• Ability to learn an application environment in order to update or create supported security documentation.

Nice To Haves

• Bachelor’s degree or equivalent military training in Information Systems, Cybersecurity, Computer Science, Accounting, or related field.
• Applicable certifications include: CASP+, CGRC/CAP, GSEC, GSNA, SSCP, CISSP, CISM.
• Currently hold certification in good standing to satisfy IAM Level II (Information Assurance Management Level 2) per DoW 8570/8140.
• Successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years, or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years.

Responsibilities

• Lead and execute rigorous IT and cybersecurity risk audits and assessments
• Evaluate IT general controls, cybersecurity controls, and risk management processes.
• Assess compliance with federal frameworks and guidance (e.g., NIST, RMF, FISMA, FedRAMP, ISO 27001)
• Identify and document control gaps, risk exposures, and areas for process improvement.
• Provide risk-based recommendations and actionable insights to senior leadership and stakeholders.
• Support preparation of audit reports and executive briefings
• Manage and execute system Certification and Accreditation processes, ensuring compliance with security controls and requirements outlined in agency policies.
• Collaborate with cybersecurity, IT, compliance, and program teams to drive remediation and sustainable improvements.
• Participate in internal and external audit activities, including customer assessments.
• Experience using XACTA data base applications and the ICD 503, NIST 800-83 rev4 policy
• Review monthly vulnerability scan reports and track and address weaknesses in plans as needed.
• Perform security system event analysis, investigation, and validation
• Provide incident response to classification spills, malware infection, misconfiguration exposure, internal inappropriate behavior and technical issue
• Perform Security Technical Implementation Guide (STIG) and Federal Information Security Management Act (FISMA) assessments and annual reporting

Benefits

• Growth: AI-powered career tool that identifies career steps and learning opportunities.
• Support: An internal mobility team focused on helping you achieve your career goals.
• Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• Community: Award-winning culture of innovation and a military-friendly workplace.
• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
• We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.