IT Auditor

Join a team where innovation meets mission. Our AI, cloud, cyber, and modernization solutions save agencies thousands of hours, safeguard national security, and strengthen health and humanitarian missions worldwide. With 1,700+ team members, 1,500+ AI/data experts, and 100+ prime contracts, we deliver at scale and with purpose.

We’ve been recognized as a Top Workplace by the Washington Post for six straight years and named to the Inc. 5000 Fastest Growing Private Companies 13 of the past 14 years. Credence is a welcoming home for those looking to grow and contribute to positive change. We encourage all employees to expand beyond their boundaries, dive into important world-changing Federal challenges.

Credence has an immediate for an IT Auditor specializing in the General Fund Enterprise Business System (GFEBS). GFEBS is the Army’s web-based enterprise resource planning (ERP) system, based on SAP, which manages the vast majority of the Army’s General Fund.

The IT Auditor is responsible for evaluating the design and operating effectiveness of Information Technology General Controls (ITGCs) and application controls within the GFEBS environment. This role ensures the integrity, availability, and confidentiality of financial data to support the Army’s Audit Readiness goals and compliance with the Federal Financial Management Improvement Act (FFMIA).

GFEBS is a financial management, web-based, System Analysis and Software Development (SAP) enterprise resource program (ERP). The General Fund Enterprise Business System - Sensitive Activities (GFEBS-SA) is a fully functional GFEBS application operating on SIPRNet with additional security requirements to protect national security information. It enables the final retirement of legacy core financial systems, while integrating seamlessly with GFEBS to provide secure, web-based, real-time data to the Army’s Sensitive Activities. Fully fielded, GFEBS replaced or absorbed more than 80 legacy accounting and asset management systems. GFEBS has been fully migrated to the Amazon Web Services (AWS) commercial cloud and is operated through the Army Shared Service Center (ASSC) for sustainment.

GFEBS is fully fielded to Army and DoD organizations around the world. The Product Office continues to develop and field enhancements to the system to facilitate a clean audit and strengthen overall system security.

Responsibilities:

• Internal Control Testing: Conduct rigorous testing of GFEBS controls, specifically focusing on the "Big Three" of ERP auditing:
• User Access Management: Provisioning, de-provisioning, and periodic access reviews.
• Segregation of Duties (SoD): Identifying and mitigating conflicting roles within SAP GRC (Governance, Risk, and Compliance).
• Change Management: Ensuring system updates and configuration changes follow the proper transport path without unauthorized alterations.
• System Interface Auditing: Evaluate the security and data integrity of automated interfaces between GFEBS and peripheral systems (e.g., ATAAPS for payroll, SPS for procurement).
• Audit Liaison & Support: Serve as a focal point for external auditors (e.g., GAO, AAA, or Independent Public Accounting firms). Prepare "Provided by Client" (PBC) samples and explain complex system workflows.
• Risk Assessment: Identify vulnerabilities in the GFEBS landscape, including SAP HANA database security and cloud infrastructure hosting.
• Remediation Tracking: Monitor the status of Notice of Findings and Recommendations (NFRs) and assist functional owners in developing Corrective Action Plans (CAPs).

Requirements

• Bachelor’s degree in Information Systems, Accounting, Cybersecurity, Computer Science, or a related discipline.
• Security Clearance – Secret (with ability to obtain a TS)
• Experience: 3+ years in IT Audit, with specific experience in SAP environments.
• 3+ years of relevant experience supporting audits conducted by DoDIG, GAO, Army Audit Agency, or external auditors.
• 3+ years of relevant experience in IT auditing. Cybersecurity, compliance, and risk management experience a plus.
• Certifications: CISA (Certified Information Systems Auditor) is highly preferred; CISSP or CIA is a plus.
• Tools: Proficiency in SAP GRC, BI/BW reporting, and Data Analytics tools (ACL, IDEA, or SQL).

Technical Knowledge:

• Familiarity with NIST SP 800-53 controls and the FISCAM (Federal Information System Controls Audit Manual) framework.
• Familiarity with Generally Accepted Government Auditing Standards (GAGAS)
• Understanding of federal internal control frameworks such as OMB A-123, FISCAM, NIST SP 800-53/800-37, and RMF.

Specific GFEBS Knowledge Areas

• To be successful in this role, the candidate should understand the following GFEBS modules and how they impact financial reporting:
• FI/CO: Financial Accounting and Controlling.
• Spending Chain: Purchase Requisitions to Payments.
• Reimbursables: Debt Management and Customer Orders.
• Property, Plant, & Equipment (PP&E): Accountability of Army assets.

Preferred Qualifications

• Experience supporting Army organizations such as CIO/G-6, ASA(FM&C), DFAS, or Army Materiel Command.
• Familiarity with Army enterprise environments including ERP systems (e.g., GFEBS, LMP, GCSS-Army).
• Proficiency in evaluating and implementing cybersecurity controls and audit strategies across complex IT environments.

Working Conditions and Physical Requirements:

Majority of work currently remote, occasional travel to client and/or customer/stakeholder location within the Washington DC Metro area.

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Training & Development
• Work From Home
• Wellness Resources