Position Description:
- Lead audit initiatives to include tracking of external/internal audit requests, observations, and walkthroughs.
- Conduct assessments, identify weaknesses, provide recommendations, and lead organization to close open audit findings from internal and external auditors.
- Perform IT audit assessments to include review of IT controls, testing, validation, and evaluations of risk level.
- Lead FFMIA and FISCAM related activities such as evaluating Access, Security, Configuration Management, Segregation of Duties, Contingency, and Business Application controls.
- Assist in the development of process improvement and procedures.
- Analyze software systems and document requirements per FIAR methodology.
- Recommend remediation and fix actions to close out audit findings.
- Monitor, track, and obtain accurate and complete PBC requests from internal and external auditors.
- Understand Federal Cyber Security processes and Risk Management Framework (RMF).
- Use of FISCAM control techniques and audit procedures.
- Provide consultation on audit risk and compliance best practices and principles to network protocols, architectures, equipment, services, standards, and technology.
- Author documentation containing evaluation results and recommendations, product application guidelines, troubleshooting procedures, system schematics/diagrams, process diagrams, and others as required.
- Effectively communicate with program and project personnel conveying expertise in a format that can be understood and is accepted by all personnel.
- Assist with ongoing implementation of SAF/FM initiatives to include Identity, Credential, and Access Management (ICAM), Configuration Management Database/Enterprise Integration (CMDB/EI), System Information and Event Management (SIEM) and System Security.
Requirements:
- Knowledge and experience with OSD FIAR audit readiness requirements desired.
- Understands audit processes to include audit observations, walkthroughs, and coordination of audit meetings to include service providers.
- Knowledge of SOC 1 Reports with understanding of Complementary User Entity Controls (CUEC).
- Minimum of 4 years of audit, accounting, or financial and management advisory services experience. Proficient knowledge of GAAP, GAAS, federal regulations, guidelines, standards and concepts, or other relevant industry practices pertaining to the engagement.
- Knowledge of application, database, and applicable Security Technical Implementation Guides (STIGs).
- Knowledge of ACAS, eMASS and DISA enclaves as service providers.
- Strong understanding of Oracle HR systems and ability to interpret SQL queries.
- Knowledge of system-oriented audit experience (FFMIA, FISCAM, USSGL, SFIS, FFMSR, FASAB, OMB Circular A-123 and IT NFR) with two years’ experience required.
- Experienced in the implementation of DoD and Federal security and IA requirements as outlined in DoDI 8500.2 and NIST 800-53.
- Strong RMF and FISCAM experience.
- Strong understanding of systems engineering, database administration, and/or application development. Information Security consulting experience with demonstrated leadership skills desired.
- Experience with DoD Ports, Protocols, and Services (PPS), PKI, and Information Assurance Vulnerability Management (IAVM) policies and standards desired.
Additional Information:
Must obtain and maintain a Secret level security clearance.
Must maintain DOD 8570 required certification, CompTIA Security+ or equivalent.
Must be able to work onsite as needed at government or contractor facility locations.
Company Benefits:
Competitive health care package, vision, and dental, training expense, competitive PTO and Holidays.
3 Squared Technology Group is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.