IT Audit Specialist

About The Position

Requirements

• Must be a U.S. Citizen with the ability to pass CBP background investigation, criteria will include:
• 3-year check for felony convictions
• 1-year check for illegal drug use
• 1-year check for misconduct such as theft or fraud
• College degree (B.S., M.S.) in Computer Information Systems, Finance or a related discipline
• Certifications: minimum Security+ CE or equivalent, CISSP, CISM or CISA preferred
• Professional Experience: Five plus (5+) years related to technical experience with IT Financial Audit or FISCAM compliance
• Must be available to work onsite in Ashburn, VA one day per week.
• Supporting and using security provisioning, monitoring, and compliance tools
• Applying established cybersecurity principles, standards, and frameworks
• Analyzing moderately complex security and compliance issues and recommending practical solutions
• Supporting implementation of FISCAM, RMF, and NIST security controls
• Assisting with compliance efforts tied to OMB Circular A-123
• Working effectively with cross-functional Agile teams
• Communicating clearly in writing and verbally with both technical and non-technical audiences
• Being detail-oriented, dependable, and collaborative while continuing to grow your technical skill set
• Working in a hybrid environment with an on-site presence in Ashburn, VA

Nice To Haves

• Experience as SAP Security Administrator
• Experience on an audit team for an IPA
• Knowledge for GRC tools to enhance compliance such as Greenlight and SAP GRC
• Experience as an Information System Security Officer (ISSO) for a system

Responsibilities

• Support implementation of the Technical Audit Sustainment Program strategy
• Assist developers with understanding and meeting FISCAM compliance
• Enable assurance for information security during all phases of agile system development and deployment
• Help ensure information security is incorporated throughout Agile development and deployment
• Support security controls for SAP and custom financial support systems
• Assess system lifecycle requirements and identify potential security impacts
• Assist with vulnerability scanning, security hardening, and remediation efforts
• Support certification and security configuration of development environments
• Collaborate with SAP Security Administrators to support separation of duties, access controls, and audit functionality
• Assist with responding to auditor Requests for Information (RFIs) and assembling Provided by Client (PBC) documentation
• Contribute to development of Corrective Action Plans (CAPs) in response to audit findings or Notifications for Record (NFRs)
• Support evaluation of SAP GRC and other GRC tools in coordination with security administrators
• Help maintain system security posture, including audit tracking, security documentation, and reaccreditation activities
• Monitor approved software usage and support compliance with approved security tools and configurations
• Assist CBP in maintaining compliance with OMB Circular A-123 internal control requirements
• Apply information security practices in accordance with DHS and CBP security policies

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits