Sr. IT Auditor (Service Organization Controls/SOC experience)

About The Position

Requirements

• Bachelor's or Master's degree in a Business-related field
• Active Secret Clearance
• 5+ years of experience with ITGC and SOC Audits in the federal space
• Knowledge and ability to provide Quality Assurance (QA) review of IT control documentation, test plans, and Key Supporting (KSD) packages prior to submission for audit or Statement of Assurance purposes
• Knowledge of support testing of IT General Controls (ITGCs) which includes User Access Management (provisioning, de-provisioning, privileged access), Change Management, Configuration Management, System Interfaces, and Data Transfers
• Experience with Internal Controls Over Financial Systems (ICOFS) - Develop test plans to validate internal controls are in place for ICOFS/Complementary User Entity (CUECs)
• Understand A-123 Statement of Assurance IT requirements
• Understand Service Organization Controls (SOC) and Complementary User Entity Control (CUEC) assessments and implementation
• Understand FISCAM, NIST 800-53, and Federal financial system controls

Nice To Haves

• CPA (Certified Public Accountant)
• CDFM, CGFM/DoD FM Certification

Responsibilities

• Service provider identification and risk assessment
• Evaluation of service provider controls to address risks
• Completion of documentation and test of control design
• Development of test plans and completion of testing of control operating effectiveness
• Development and implementation of corrective actions
• Development and execution of ITGC test plans (Test of Design)
• Conduct (ToE)/(Test of Effectiveness (ToE)) procedures, including walkthroughs, sampling and evidence validation
• Validate completeness and accuracy of IT control populations and samples used for testing
• Support Statement of Assurance (SoA) IT inputs, including identification of IT risks, mapping of IT controls to financial reporting objectives, and documentation of IT control ownership
• Assist in drafting SoA narratives and flowcharts related to IT systems, including control descriptions risk statements, and remediation status
• Review SOC 1/ SOC 2 reports to identify CUEC applicable to the DoW Agency and support mapping of SOC controls to internal DoW Agency IT controls
• Review SOC 1/ SOC 2 reports to identify CUEC applicable to the DoW Agency
• Support mapping of SOC controls to internal DoW Agency IT controls and assist in documenting reliance strategies
• Conduct Audit Engagement support including development, QA review, validation, and submission of IT and business process documentation in response to audit Prepared By Client (PBC) requests
• Review Notice of Findings and Recommendations (NFRs) and develop or recommend Corrective Action Plans (CAPs) to remediate deficiencies and weaknesses
• Monitor and assess the implementation and validation of CAPs
• Provide Risk Management and Remediation to include providing expertise, recommendations, and industry best practices to support continuous improvements and increased feedback throughout the Audit Engagement and Audit Remediation processes, to include guidance, business rules, and process workflows
• Provide Audit Remediation Data Management using information provided by stakeholders
• Perform timely uploads or updates to CAP-related documentation in the designated audit remediation tool and provide an update to customer management
• Perform data analytics to assess the risk of misstatement from CAPs that are not fully remediated
• Assess remediation testing results to determine sufficiency of remediation procedures
• Conduct a review of Statements of Assurance (SOA) for accuracy and completeness as it relates to ICOFS. This includes providing advice and performing reviews, assessments, and a gap analysis to Federal Information Systems Control Audit Manual (FISCAM) requirements and NIST 800-53 standards and controls
• Develop, update, and review Memorandums of Understanding (MOUs) with service providers to include CUEC roles and responsibilities
• Perform ITGC testing (access management, change management, Configuration)
• Quality Assurance reviews of audit workpapers and control documentation

Benefits

• Employer-supported 401(k)
• World-class health benefits
• Paid vacation and holidays
• Performance bonuses
• Referral bonuses
• Profit-sharing bonus