IT Audit Lead/Internal Controls Tester

About The Position

Requirements

• Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews.
• Demonstrates a working knowledge of IT audit, the FISCAM, and other relevant federal information assurance laws, regulations, and guidance.
• Experience performing IT audits, OMB Circular A-123 or similar internal control assessments, and/or remediating and implementing IT controls is preferable.
• Experience testing or remediating some or all the following IT controls topic areas is preferable: Access and account management, Segregation of duties, Technical account management controls, Audit logging and monitoring, Configuration management, Change management, Contingency planning.

Nice To Haves

• Experience performing Federal Information System Controls Audit Manual (FISCAM), Financial Improvement Audit Remediation (FIAR) and Federal Information Security Management Act (FISMA) security reviews.
• CISA or CIA certification.
• 1-2 years of Federal or DOD IT audit experience.

Responsibilities

• Provide strategic direction for IT audit activities, ensuring alignment with enterprise risk management.
• Develop and maintain audit policies, procedures, and standard operating guidelines.
• Mentor, coach, and lead internal audit staff or contractors as applicable.
• Perform rigorous audits/assessments of IT controls using industry-standard guidance and leading practices.
• Perform walkthrough interviews and maintain communication with a variety of client stakeholders, including system personnel such as system and database administrators.
• Request, obtain, review, and analyze a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings.
• Evaluate the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement.
• Professionally document the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion.
• Summarize and communicate IT controls assessment results to a variety of client stakeholders, including senior leadership personnel.
• Plan and execute day-to-day activities of IT controls assessments individually and for the team.
• Work with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans.
• Provide subject matter expertise to client personnel on all matters relating to IT controls and respond to ad-hoc IT controls requests from client personnel.

Benefits

• Competitive salary range of $172,000 to $192,000 annually.
• Equal employment opportunities without discrimination.
• Comprehensive benefits package.