Senior IT Auditor- FedRAMP

Schellman

About The Position

Schellman is a Top 50 CPA firm and a leading provider of attestation and compliance services. Our professional services focus on security and privacy audits, assessments, and certifications. Schellman has become one of the largest cybersecurity assessment firms in the United States without providing any traditional accounting services. We are an accredited multi-framework ISO Certification Body for security, privacy, business continuity, and quality; a globally licensed PCI Qualified Security Assessor and a top provider to clients serving the federal DoD space as a leading FedRAMP 3PAO and the first assessment firm authorized as a CMMC C3PAO. Our specialty and expertise remain in providing best in class Cybersecurity and IT Audits and Attestations. Our culture, approach with clients, and dedication to our values has led us to consistently be a Great Places to Work certified company and rated as a Best Firms to Work For by Accounting Today and a Glassdoor Best Places to Work. We deeply appreciate our employees, as shown by our first core value – People Come First. This is demonstrated in our culture, benefits, and how we handle business. Come see what makes Schellman special! JOB SUMMARY Senior associates are primarily responsible for hands-on project execution. Experienced senior associates have, or are working towards, specialization in one or more service lines and are assigned to projects accordingly. Senior associates are assigned to a specific service delivery principal that is responsible for supervising the associate’s career development. Additionally, senior associate’s daily activities are closely supervised by the management teams of their assigned projects. Senior associates may supervise associates and/or senior associates when serving as a member of a project management team. As a FedRAMP Senior Associate at Schellman, you'll be able to work with the latest cloud services and technology companies, all of which are looking to test their systems against the tried and true prescriptive controls provided by NIST 800-53. FedRAMP Senior Associates perform a variety of responsibilities from start to finish during a project, including: Interviewing clouds service providers (CSP) Subject Matter Experts for different fields of the organization such as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance; Performing walkthroughs of various cloud infrastructure-as-a-service architectures (e.g., AWS, Azure, or OCI); Reviewing system security configurations as they pertain to NIST 800-53 security control baselines; and Analyzing vulnerability reports, validating encryption configurations, and much more! Working in Schellman’s Federal Practice will lead to the natural honing of your technical skills in a variety of fields including cryptography, network structures, system security tools, and CI/CD. You’ll also improve your understanding of organizational controls such as security training programs, configuration management/ system development, and incident response processes. But more than that, a career at Schellman will also support outside opportunities for further education through additional training and the pursuit of industry-accepted certifications such as CISA, CISSP, and others.

Requirements

Working knowledge of Schellman’s services, methodology, and relevant professional standards
Requisite knowledge of applicable technology and security domains
High level of attention to detail and quality of work product
Client service oriented
Excellent time management, organizational, and verbal and written communication skills
Ability to work on-site or remotely as a valuable contributor to a collaborative team
Capable of simultaneously managing assigned tasks for multiple projects
Proficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman’s service delivery applications
Full understanding and application of ethics, independence and Schellman’s values
Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified
Has completed at least one year of service at Schellman or relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting
Maintains one or more of the following FedRAMP required R311 certifications: Cisco Certified Network Associate Security (CCNA Security) Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops) Cybersecurity Analyst (CySA+) GIAC Certified Incident Handler (GCIH) GIAC Systems and Network Auditor (GSNA) GIAC Certified Intrusion Analyst (GCIA) Certified Information Systems Auditor (CISA) Certified Information System Security Professional or Associate (CISSP or Associate) Certified Secure Software Lifecycle Professional (CSSLP) Certified Information Systems Security Officer (CISSO) CyberSec First Responder (CFR) CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE) CompTIA Cloud+ (Cloud+) Global Industrial Cyber Security Professional (GICSP) Securing Cisco® Networks with Threat Detection Analysis (SCYBER)

Responsibilities

Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures
Adhering to the professional and regulatory standards relevant to assigned service line specialization(s)
Promoting Schellman’s company culture and exemplifying Schellman's values
Establishing high quality relationships and rapport with client personnel
Managing client expectations to ensure expectations are exceeded
Completing assigned duties in a timely manner and with a high attention to detail
Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project
Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks
Escalating issues internally in a proper and timely manner
Using discretion and decorum in the timing, form, and content of all client communications
Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures
Performing the essential functions of other service delivery positions when qualified and called upon to do so
Attending project kick-off and closing meetings
Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable
Drafting project deliverables
Serving as a contact for clients' basic questions regarding an engagement
Participating in recruiting and candidate interview activities
Training project team members
Acclimating newer team members to Schellman
Contributing to Schellman's practice development efforts
Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)
Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)