IT Audit Lead/Internal Controls Tester en E-volve Technology Systems, Inc.

IT Audit Lead/Internal Controls Tester
Reston, VA

Security Clearance Requirement: Current TS/SCI
Location Note: On-Site Support Required

Position Description:

An IT Audit Lead/Internal Controls Tester is responsible for overseeing the planning, coordination, and execution of audit projects to ensure compliance with IT standards, policies, and regulations. They provide guidance to the audit team and manage project timelines.  Responsibilities also include testing of internal controls over financial systems, assessing the internal controls and risks of the agency's financial system, assessment of financial management policies for compliance, preparation of audit reports and NFR's, identifying weaknesses in the system and creating an action plan to ensure compliance with NIST guidelines and standards.


Duties & Responsibilities:
The It Audit Lead/Internal Controls Tester will have a role in working directly with clients and other organizational stakeholders to support IT internal control efforts, including audits/assessments, remediation, and other ad-hoc efforts. Specific duties and responsibilities:
 

• Provide strategic direction for IT audit activities, ensuring alignment with enterprise risk management.
• Develop and maintain audit policies, procedures, and standard operating guidelines.
• Mentor, coach, and lead internal audit staff or contractors as applicable.

• Performing rigorous audits/assessments of IT controls using industry-standard guidance and leading practices
• Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
• Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
• Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
• Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
• Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
• Planning and executing day-to-day activities of IT controls assessments individually and for the team
• Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
• Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel

• Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of IT audit, the FISCAM, and other relevant federal information assurance laws, regulations, and guidance.
• Experience performing IT audits, OMB Circular A-123 or similar internal control assessments, and/or remediating and implementing IT controls is preferable. Experience testing or remediating some or all the following IT controls topic areas is preferable:
• Access and account management, including authorization, provisioning, recertification, and separation
• Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege
• Technical account management controls, such as password length, complexity, and expiration
• Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review
• Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks
• Change management, including authorization, development, testing, and deployment of changes
• Contingency planning, including backups, testing of backups, and alternate sites 

• Experience performing: Federal Information System Controls Audit Manual (FISCAM), Financial Improvement Audit Remediation (FIAR) and Federal Information Security Management Act (FISMA) security reviews
• CISA or CIA certification
• 1-2 years of Federal or DOD IT audit experience

• High School Diploma/GED and 12 years of experience
• Bachelor’s degree and 5 years of experience