IT Auditor - Mid

Leidos
$87,100 - $157,450 | Remote

About The Position

The IT Auditor - Mid supports SEC ISS contract objectives by driving vulnerability assessment and audit remediation activities across SEC IT environments. This role performs business process engineering to strengthen how vulnerabilities are identified, documented, prioritized, and remediated. The position supports SEC OIT requirements for FISMA compliance, audit readiness, and corrective action execution for internal and external findings. The role also improves remediation workflows and documentation practices to reduce repeat findings and improve enterprise security posture.

Requirements

  • Must meet contract requirements for Citizenship/Work Authorization.
  • Ability to obtain and maintain SEC Public Trust (or higher if required) clearance.
  • Bachelor's degree.
  • 8+ years of experience in IT auditing, vulnerability assessment, and audit remediation in enterprise IT environments.
  • Minimum 5 years of related experience as an IT auditor performing vulnerability assessments and audit remediation, specializing in business process engineering.
  • Experience assessing system and database vulnerabilities.
  • Experience recording vulnerabilities and documenting requirements needed to remediate vulnerabilities.
  • IT auditing focused on vulnerability assessments and audit remediation.
  • Business process engineering for remediation of vulnerabilities identified during vulnerability assessments.
  • System and database vulnerability assessment and analysis.
  • Vulnerability recording and remediation requirement documentation.

Nice To Haves

  • Experience supporting SEC or other federal civilian agency cybersecurity/compliance programs.
  • Working knowledge of NIST/FISMA risk management practices in regulated environments.
  • Experience managing remediation against CISA Known Exploited Vulnerabilities (KEV) timelines.
  • Hands-on experience with enterprise ticketing/reporting platforms (e.g., ServiceNow) for audit and remediation workflows.
  • Ability to coordinate cross-functional remediation across hybrid infrastructure, applications, and database platforms.
  • CISA
  • CISSP
  • CGRC (CAP)

Responsibilities

  • Perform vulnerability assessments across SEC-supported systems and databases.
  • Review and analyze vulnerability reports, validate findings, and assess severity and operational impact.
  • Coordinate with infrastructure, application, and database teams to prioritize and remediate identified vulnerabilities.
  • Maintain visibility into open vulnerabilities and track progress through remediation and closure.
  • Support remediation of audit findings from Inspector General iCFR, FISMA, GAO, and SEC OIT Security audits.
  • Triage new findings to determine ownership, remediation path, and required resources.
  • Develop and maintain corrective action plans and POA&M tracking to closure.
  • Validate remediation evidence and document completed actions to support audit closeout.
  • Perform business process engineering for remediation of vulnerabilities found during vulnerability assessments.
  • Document remediation requirements, dependencies, and control updates needed to address findings.
  • Align remediation activities with SEC change control practices, SOPs, and security policies.
  • Identify process weaknesses and implement improvements to reduce introduction of new vulnerabilities.
  • Record vulnerabilities, remediation tasks, and status updates in approved tracking/ticketing workflows.
  • Produce recurring reports on remediation status, risk posture, and aging findings.
  • Prepare audit artifacts and supporting documentation for compliance reviews and inspections.
  • Communicate risks, issues, and remediation progress to SEC stakeholders and program leadership.

Benefits

  • Competitive compensation
  • Health and Wellness programs
  • Income Protection
  • Paid Leave
  • Retirement