IT Audit Lead – FISCAM & FISMA Compliance

About The Position

Requirements

• 10+ years leading IT audit and internal control programs in federal or highly regulated sectors; national security experience preferred
• Deep knowledge of FISCAM, FISMA, NIST SP 800-53, OMB A-123, and FMFIA requirements
• Demonstrated success supporting unqualified Statements of Assurance
• Strong communication skills with executive-level reporting experience
• Active security clearance (or eligibility), preferred
• Professional certifications such as CISA, or PMP highly desired
• High School Diploma/GED and 12 years of experience
• Bachelor’s degree and 5 years of experience

Nice To Haves

• Experience performing: Federal Information System Controls Audit Manual (FISCAM), Financial Improvement Audit Remediation (FIAR) and Federal Information Security Management Act (FISMA) security reviews
• CISA or CIA certification
• 1-2 years of Federal or DOD IT audit experience

Responsibilities

• Lead enterprise IT audits and internal control reviews across national security and high-impact federal systems, ensuring compliance with FISCAM and NIST standards.
• Oversee FISMA program execution, including control testing, POA&M management, risk scoring, and continuous monitoring activities.
• Manage annual Statement of Assurance development and governance of supporting evidence, risk ratings, and remediation outcomes.
• Direct audit planning, scoping, walkthroughs, and ITGC/ITAC testing for financial and operational systems.
• Translate complex cyber and IT risks into clear, actionable recommendations for senior leadership.
• Present audit results, dashboards, and remediation status to CIO organizations, Audit Committees, and oversight bodies.
• Build and mentor high-performing compliance and internal control teams; drive accountability and continuous improvement.
• Develop and mature enterprise IT governance frameworks, incorporating emerging risks, automation, and performance metrics.