IT Auditor

Signature Performance, Inc.

About The Position

Plan, execute, and report on audits of IT systems, applications, infrastructure, and processes to assess internal controls and regulatory compliance. Evaluate the design and operating effectiveness of technical and administrative controls, including access management, configuration management, and data integrity. Ensure audit documentation, testing evidence, and workpapers are complete, traceable, and aligned with applicable frameworks (e.g., NIST 800-53, HIPAA, CMMC, FedRAMP, HITRUST). Identify risks, control deficiencies, and opportunities for improvement; develop actionable remediation recommendations. Partner with IT operations, information security, and business stakeholders to communicate audit results and support resolution plans. Monitor changes in technology risk, emerging threats, and compliance requirements to adapt audit plans accordingly. Contribute to improvements in audit methodology and the effective use of GRC tools to streamline audit processes and reporting.

Requirements

  • Eligibility for a NACLC DoD Security Clearance.
  • Bachelor's degree in Information Systems, Computer Science, or related discipline (or equivalent work experience).
  • 4-6 years of experience performing IT audits, control testing, or risk assessments within regulated or security-conscious environments.
  • Active Certified Information Systems Auditor (CISA) credential.
  • Hands-on experience using enterprise GRC platforms such as Onspring, RSA Archer, or ServiceNow GRC.
  • Strong knowledge of NIST frameworks, including NIST 800-53 and the NIST Cybersecurity Framework.
  • Familiarity with Federal Information Processing Standards (FIPS) and Federal or healthcare-specific compliance programs (HIPAA, FISMA, CMMC, FedRAMP, HITRUST).
  • Excellent analytical, problem-solving, and verbal/written communication skills.

Nice To Haves

  • Experience working in or auditing federal or healthcare environments.
  • Understanding of secure system development, cloud security controls, and vulnerability management practices.
  • Exposure to automation or data analytics tools used in audit functions.

Responsibilities

  • Plan, execute, and report on audits of IT systems, applications, infrastructure, and processes to assess internal controls and regulatory compliance.
  • Evaluate the design and operating effectiveness of technical and administrative controls, including access management, configuration management, and data integrity.
  • Ensure audit documentation, testing evidence, and workpapers are complete, traceable, and aligned with applicable frameworks (e.g., NIST 800-53, HIPAA, CMMC, FedRAMP, HITRUST).
  • Identify risks, control deficiencies, and opportunities for improvement; develop actionable remediation recommendations.
  • Partner with IT operations, information security, and business stakeholders to communicate audit results and support resolution plans.
  • Monitor changes in technology risk, emerging threats, and compliance requirements to adapt audit plans accordingly.
  • Contribute to improvements in audit methodology and the effective use of GRC tools to streamline audit processes and reporting.

Benefits

  • Health Insurance
  • Fully Paid Life Insurance
  • Fully Paid Short- & Long-Term Disability
  • Paid Vacation
  • Paid Sick Leave
  • Paid Holidays
  • Professional Development and Tuition Assistance Program
  • 401(k) Program with Employer Match