The IT Controls/Audit Remediation Senior Consultant shall help optimize and execute IT controls program workstreams: IT Controls Testing, Remediation, Audit Coordination Support, and Ad-hoc activities (e.g., enterprise governance, data calls, and DHS deliverables). Responsibilities include supporting the planning, testing, remediation, and monitoring of IT controls across a fast-paced annual cycle. The combination of on-site (2 days a week minimum) and remote work requires high agility in responding to changing priorities. Ideal candidates are highly driven and will excel at peer collaboration, leading tasks, holding client meetings, being resourceful, condensing ideas, and communicating clearly. Significant growth in client support is expected.
Day-to-day tasks include some or all of the following:
- Performing rigorous assessments of IT controls using industry-standard guidance and leading practices.
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators.
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings.
- Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgment.
- Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion.
- Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel.
- Planning and executing day-to-day activities of IT controls assessments individually and for the team.
- Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans.
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel.
- Developing/updating policies and procedures.
- Supporting audit coordination processes, including developing auditor training and troubleshooting, tracking provided-by-client (PBC) request lists, risk monitoring and escalation, and helping refute or defend against findings.
- Creating and delivering client work products to the workstream lead or team lead with minimal rework required, in accordance with project plans.
- Applying FISCAM, NIST, DHS, and USCG guidance, together with audit knowledge and expertise, when assisting with the development of solutions and providing recommendations to the client.
Minimum Requirements:
- 3-5 years of IT general control (ITGC) testing experience within an OMB Circular A-123 compliance environment across all FISCAM control families.
- BA or BS degree.
- Ability to obtain a Security Clearance.
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Preferred Experience:
- Demonstrates experience with and knowledge of federal IT guidance in relation to internal controls (IT General Controls preferred but Business Processes acceptable).
- Demonstrates abilities and success with analyzing IT processes to identify control gaps and improvement opportunities, facilitating audit requests, and planning and performing tests of controls.
- Demonstrates abilities and success with identifying and addressing client needs: actively participating in client discussions and meetings; communicating a broad range of Firm services; and preparing concise, accurate work products that add value to the client.
- Demonstrates abilities to create and contribute to a positive team environment by monitoring workloads of the team, while meeting client expectations; providing candid, meaningful feedback in a timely manner; keeping leadership informed of progress and issues.
- Active Security Clearance.
ADDITIONAL TECHNICAL SKILLSETS:
- Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant federal information assurance laws, regulations, and guidance. Experience performing OMB Circular A-123 or similar internal control assessments and/or remediating and implementing IT controls is preferable.
- Experience testing or remediating some or all of the following IT controls topic areas is preferable:
- Access and account management, including authorization, provisioning, recertification, and separation.
- Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege.
- Technical account management controls, such as password length, complexity, and expiration.
- Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review.
- Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks.
- Change management, including authorization, development, testing, and deployment of changes.
- Contingency planning, including backups, testing of backups, and alternate sites.
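The two control areas above that are most often tested by comparing evidence against a rule set, configuration baselines and segregation of duties, can be checked with a few lines of code once the evidence has been transcribed. The following is an added example written for this page, not code from the employer or any client, and it uses constructed sample inputs: the baseline values, the role-to-permission mapping, the conflict pairs, and the captured configuration are all hypothetical and do not come from any STIG, CIS benchmark, or real system. It shows how a comparator-aware baseline check avoids a common manual testing mistake (treating a minimum as an exact match, or treating a missing setting as a pass), and how a segregation of duties test differs from a least privilege test: it looks for users whose combined roles grant both halves of a conflict pair, not merely users with broad access.

```python
"""Added example: automating two common IT general control tests.

All baselines, settings, roles and users below are constructed sample data
for illustration only, not taken from any real system or guidance document.
"""

# --- Configuration baseline check -------------------------------------------
# Each baseline entry: setting -> (comparator, expected value). The comparator
# records how "compliant" is judged for that setting, since a minimum, a
# maximum and an exact value are tested differently.
BASELINE = {
    "password_min_length": (">=", 14),
    "password_max_age_days": ("<=", 60),
    "password_complexity": ("==", True),
    "account_lockout_threshold": ("<=", 5),
    "audit_logging": ("==", "enabled"),
}


def evaluate_setting(comparator, expected, actual):
    """Return True when the observed value satisfies the baseline rule."""
    if comparator == ">=":
        return actual >= expected
    if comparator == "<=":
        return actual <= expected
    if comparator == "==":
        return actual == expected
    raise ValueError(f"unknown comparator {comparator!r}")


def baseline_deviations(baseline, actual_config):
    """Return a list of (setting, expected_rule, observed) tuples, one per deviation.

    A setting absent from the captured configuration is reported as a
    deviation: lack of evidence is a finding, not a pass.
    """
    deviations = []
    for setting, (comparator, expected) in baseline.items():
        rule = f"{comparator} {expected}"
        if setting not in actual_config:
            deviations.append((setting, rule, "MISSING"))
            continue
        observed = actual_config[setting]
        if not evaluate_setting(comparator, expected, observed):
            deviations.append((setting, rule, observed))
    return deviations


# --- Segregation of duties check --------------------------------------------
# A conflict pair names two functions that one person must not hold together.
SOD_CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"develop_change", "deploy_to_production"}),
}

# Hypothetical role-to-permission mapping, as exported from an application.
ROLE_PERMISSIONS = {
    "ap_clerk": {"create_vendor", "enter_invoice"},
    "ap_manager": {"approve_payment"},
    "developer": {"develop_change"},
    "release_engineer": {"deploy_to_production"},
    "dba": {"modify_schema", "read_audit_log"},
}


def sod_violations(user_roles, role_permissions=ROLE_PERMISSIONS, conflicts=SOD_CONFLICTS):
    """Return {user: [sorted conflicting pair, ...]} for each user whose
    combined roles grant both halves of a conflict pair.

    This is the segregation of duties question. Whether a single role is
    broader than a job requires is the separate least privilege question,
    and is not detected here.
    """
    violations = {}
    for user, roles in user_roles.items():
        effective = set()
        for role in roles:
            effective |= role_permissions.get(role, set())
        hits = [tuple(sorted(pair)) for pair in conflicts if pair <= effective]
        if hits:
            violations[user] = sorted(hits)
    return violations


# Constructed sample evidence, as a tester might transcribe from screenshots.
SAMPLE_CONFIG = {
    "password_min_length": 12,
    "password_max_age_days": 60,
    "password_complexity": True,
    "account_lockout_threshold": 10,
    # "audit_logging" deliberately absent from the captured evidence
}

SAMPLE_USER_ROLES = {
    "alice": ["ap_clerk", "ap_manager"],
    "bob": ["developer"],
    "carol": ["developer", "release_engineer"],
    "dave": ["dba"],
}

if __name__ == "__main__":
    for setting, rule, observed in baseline_deviations(BASELINE, SAMPLE_CONFIG):
        print(f"DEVIATION {setting}: expected {rule}, observed {observed}")
    for user, pairs in sod_violations(SAMPLE_USER_ROLES).items():
        print(f"SOD CONFLICT {user}: {pairs}")
```

Run as written, the baseline check reports three deviations (minimum length below the baseline, lockout threshold above it, and no audit logging evidence) while the maximum password age passes because 60 satisfies a "<=" rule; the segregation of duties check flags alice (create vendor plus approve payment) and carol (develop plus deploy) but not bob or dave. The same structure extends to other baseline sources by swapping the BASELINE dictionary for one transcribed from the applicable STIG or CIS benchmark.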