Senior IT Risk and Controls Consultant

About The Position

Requirements

• Must be able to OBTAIN and MAINTAIN a Federal or DoD "SECRET" security clearance; candidates must obtain approved adjudication of clearance prior to onboarding with Guidehouse. Candidates with an ACTIVE "SECRET" or higher-level clearance are preferred.
• Bachelor’s Degree; FOUR (4) years or more of relevant financial management experience may be used in lieu of bachelor’s degree
• THREE (3) or more years of experience in Financial Management
• Relevant experience to IT controls, financial management, auditing, internal controls and/or federal financial policy

Nice To Haves

• Certified Information Systems Auditor (CISA) certification
• Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews.
• Demonstrates a working knowledge of IT audit, the FISCAM, and other relevant federal information assurance laws, regulations, and guidance.
• Experience supporting an internal control program, SOC 1 Reports and CUECs
• Experience performing IT audits, OMB Circular A-123 or similar internal control assessments, and/or remediating and implementing IT controls is preferable.

Responsibilities

• Performing rigorous audits/assessments of IT controls using industry-standard guidance and leading practices
• Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
• Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
• Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgment
• Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
• Collaborating with process owners to map key business workflows (e.g., Procure-to-Pay, Order-to-Cash), identify risks, and assess the effectiveness of embedded controls like reconciliations, approvals, and segregation of duties.
• Planning and executing assessments of automated and manual controls within key business applications, including input/output validations, data integrity checks, and role-based access configurations to ensure data is processed accurately and securely.
• Reviewing and analyzing SOC 1 reports from third-party service providers to understand the control environment and identify potential risks to the Department.
• Identifying and testing Complementary User Entity Controls (CUECs) required by service provider SOC 1 reports to ensure our responsibilities are met.
• Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
• Evaluating the overall internal control framework, identify deficiencies, and develop and track remediation plans.
• Prepare clear and concise reports for leadership on the status of the control environment.
• Planning and executing day-to-day activities of IT controls assessments individually and for the team

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Position may be eligible for a discretionary variable incentive bonus
• Parental Leave and Adoption Assistance
• 401(k) Retirement Plan
• Basic Life & Supplemental Life
• Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
• Short-Term & Long-Term Disability
• Student Loan PayDown
• Tuition Reimbursement, Personal Development & Learning Opportunities
• Skills Development & Certifications
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Emergency Back-Up Childcare Program
• Mobility Stipend