IT AUDIT LEAD/INTERNAL CONTROLS TESTER (CI POLYGRAPH REQUIRED)

NorthHill Technology
Reston, VA
NorthHill Technology Resources has a need for an IT Audit Lead/Internal Controls Tester to support a Federal Program in Reston, VA. This is a direct-hire role with our client, a leader in the Intelligence Community. Excellent compensation and benefits package. Due to the nature of the work, a TS/SCI Clearance and a current CI Polygraph are required.

IT Audit Lead/Internal Controls Tester

Job Description:

An IT Audit Lead/Internal Controls Tester is responsible for overseeing the planning, coordination, and execution of audit projects to ensure compliance with IT standards, policies, and regulations. They provide guidance to the audit team and manage project timelines. Responsibilities also include testing internal controls over financial systems, assessing the internal controls and risks of the agency's financial system, assessing financial management policies for compliance, preparing audit reports and NFRs, identifying weaknesses in the system, and creating an action plan to ensure compliance with NIST guidelines and standards.

Duties & Responsibilities:
The IT Audit Lead/Internal Controls Tester will work directly with clients and other organizational stakeholders to support IT internal control efforts, including audits/assessments, remediation, and other ad-hoc efforts. Specific duties and responsibilities:
  • Provide strategic direction for IT audit activities, ensuring alignment with enterprise risk management.
  • Develop and maintain audit policies, procedures, and standard operating guidelines.
  • Mentor, coach, and lead internal audit staff or contractors as applicable.
  • Performing rigorous audits/assessments of IT controls using industry-standard guidance and leading practices
  • Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
  • Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
  • Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
  • Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
  • Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
  • Planning and executing day-to-day activities of IT controls assessments individually and for the team
  • Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
  • Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel

Job Requirements:
  • Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of IT audit, the FISCAM, and other relevant federal information assurance laws, regulations, and guidance.
  • Experience performing IT audits, OMB Circular A-123 or similar internal control assessments, and/or remediating and implementing IT controls is preferable. Experience testing or remediating some or all of the following IT controls topic areas is preferable:
      • Access and account management, including authorization, provisioning, recertification, and separation
      • Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege
      • Technical account management controls, such as password length, complexity, and expiration
      • Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review
      • Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks
      • Change management, including authorization, development, testing, and deployment of changes
      • Contingency planning, including backups, testing of backups, and alternate sites
Recommended:
  • Experience performing: Federal Information System Controls Audit Manual (FISCAM), Financial Improvement Audit Remediation (FIAR) and Federal Information Security Management Act (FISMA) security reviews
  • CISA or CIA certification
  • Federal or DOD IT audit experience
Posted 2025-10-06
