DAn Solutions Inc
IT Audit Advisory Consultant/FISCAM Subject Matter Expert (SME)
DAn Solutions Inc, Herndon, Virginia, United States, 22070
REQUIRES AN EXISTING/ACTIVE TS/SCI WITH CI POLYGRAPH - NO REMOTE WORK MUST WORK ON SITE
Position description: Seeking an IT Audit Advisory Consultant/FISCAM Subject Matter Expert (SME). The IT Audit Advisory Consultant will support Financial Improvement and Audit Readiness (FIAR) activities to establish and drive sustainable and auditable financial and IT processes.
The candidate will be responsible for: •Design, develop, and implement IT corrective action plans (CAPs) for self-identified deficiencies (SIDs) and external IPA findings •Perform CAP validation testing for completed remediation activities •Perform baseline review assessments (e.g., FISCAM) to assess system readiness and remediate identified deficiencies •Monitor, track, and report on IT CAP statuses and third-party risk management (e.g., service providers) •Develop risk-based approaches for prioritization of IT findings •Perform advisory services for risk management framework (RMF) activities to support system team IT control implementations in accordance with financial management overlay •Integrate leading practices for IT audit remediation
Required Qualifications: •Must be a U.S. Citizen •Active TS/SCI clearance adjudication, and ability to pass a CI poly •8 years of relevant experience and a Bachelor's degree appliable to the position from an accredited college or university is required. A Master's degree relevant to the position may be substituted for two (2) years of additional experience. Four (4) years of additional IT audit advisory experience may be substituted for a bachelor's degree. •Experience with effective policy, instruction, and development for Federal or DoD Information Security Programs •Experience with risk analysis and assessment determinations incorporating system/mission owner, and unique operational constraints •Experience with Xacta •Ability to understand IT audit finding recommendations to translate those requirements to functional/technical stakeholders •Ability to understand business processes to develop and implement new controls to mitigate or remediate identified IT audit gaps
Preferred Qualifications: •Ability to learn IT general controls (ITGC), Financial Information System Control Audit Manual (FISCAM), and National Institute of Standards and Technology Special Publication (NIST) 800-53v4 •Experience with Security Control Assessment in compliance with NIST SP 800- 37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series •Experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usage •Familiar with Configuration Management •Excellent attention to detail, organizational skills, and ability to multitask •Strong verbal and written interpersonal, communication, and presentation skills •Strong critical thinking and problem-solving skills •Hold active Security+, CISSP, CISA, or equivalent certifications (DoD 8570 IAM 2 equivalent)
Position description: Seeking an IT Audit Advisory Consultant/FISCAM Subject Matter Expert (SME). The IT Audit Advisory Consultant will support Financial Improvement and Audit Readiness (FIAR) activities to establish and drive sustainable and auditable financial and IT processes.
The candidate will be responsible for: •Design, develop, and implement IT corrective action plans (CAPs) for self-identified deficiencies (SIDs) and external IPA findings •Perform CAP validation testing for completed remediation activities •Perform baseline review assessments (e.g., FISCAM) to assess system readiness and remediate identified deficiencies •Monitor, track, and report on IT CAP statuses and third-party risk management (e.g., service providers) •Develop risk-based approaches for prioritization of IT findings •Perform advisory services for risk management framework (RMF) activities to support system team IT control implementations in accordance with financial management overlay •Integrate leading practices for IT audit remediation
Required Qualifications: •Must be a U.S. Citizen •Active TS/SCI clearance adjudication, and ability to pass a CI poly •8 years of relevant experience and a Bachelor's degree appliable to the position from an accredited college or university is required. A Master's degree relevant to the position may be substituted for two (2) years of additional experience. Four (4) years of additional IT audit advisory experience may be substituted for a bachelor's degree. •Experience with effective policy, instruction, and development for Federal or DoD Information Security Programs •Experience with risk analysis and assessment determinations incorporating system/mission owner, and unique operational constraints •Experience with Xacta •Ability to understand IT audit finding recommendations to translate those requirements to functional/technical stakeholders •Ability to understand business processes to develop and implement new controls to mitigate or remediate identified IT audit gaps
Preferred Qualifications: •Ability to learn IT general controls (ITGC), Financial Information System Control Audit Manual (FISCAM), and National Institute of Standards and Technology Special Publication (NIST) 800-53v4 •Experience with Security Control Assessment in compliance with NIST SP 800- 37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series •Experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usage •Familiar with Configuration Management •Excellent attention to detail, organizational skills, and ability to multitask •Strong verbal and written interpersonal, communication, and presentation skills •Strong critical thinking and problem-solving skills •Hold active Security+, CISSP, CISA, or equivalent certifications (DoD 8570 IAM 2 equivalent)