R&K Solutions

Information Systems Auditor II

R&K Solutions, Roanoke, Virginia, United States, 24000


R&K Solutions, Inc. is seeking a motivated and qualified Information Systems Auditor to support our cloud Software as a Service (SaaS) environment and company networks. The ideal candidate has experience working with Risk Management Frameworks such as FedRAMP, FISMA, DoD RMF or ISO and must have experience auditing NIST security controls. This position will perform internal audit to ensure compliance for FedRAMP and CMMC frameworks, interface with Third Party Assessment Organizations (3PAO), perform gap analysis, and assist in cybersecurity defense.

R&K is an employee-owned company and an equal opportunity / affirmative action employer. EOE AAM/F/Vet/Disability.

Duties:

Key job tasks include, but are not limited to:

- Work closely with the Information Systems Security Manager (ISSM) to ensure annual FedRAMP and CMMC compliance.
- Perform annual security reviews, annual testing of security controls and annual testing of the contingency plan in line with FedRAMP requirements.
- Audit information systems, platforms, and operating procedures in accordance with established FedRAMP and DoD standards.
- Work with system administrators, engineers, and developers to update system/site policies, procedures, and process guides.
- Assist Security Analysts with cybersecurity defense and incident response.
- Work closely with external auditors and internal IT teams on managing and supporting audits.
- Identify, document, and map technology processes and internal controls.
- Assist the ISSM in writing and maintaining System Security Plans, policy, and procedures.
- Perform risk assessments of technology infrastructure, operational processes, and controls, including vulnerability scanning and risk mitigation planning.
- Complete audit testing, inquiry, observation, and other analysis required to meet the objectives of audit projects.
- Communicate progress and results of audits throughout the audit engagements.
- Develop value-added recommendations to deal with issues identified during assigned audits and create reports to formally communicate the results of the audit and related recommendations.
- Monitor implementation of outstanding audit recommendations and validate their implementation.
- Assist with Vulnerability Management.

Qualifications:

- Bachelor's degree and 2-4 years of audit experience or Associate's degree with 4+ years of audit experience will be considered. A year of network or system administration experience will be considered in lieu of a year of audit experience.
- The candidate must have a CompTIA Security+ certification (or other DoD IAT Level II certification) or must pass certification at applicant's expense within 3 months of hire.
- In-depth understanding of NIST 800-53 and 800-171 security controls.
- Experience with Risk Management Frameworks such as FedRAMP, FISMA, DoD RMF or ISO.
- Experience maintaining a System Security Plan (SSP).
- The candidate must be a US Citizen and either possess or be able to obtain a Secret-level DoD clearance.
- CISA, CISM, CIA, CISSP or other relevant certifications preferred.
- The candidate will have a strong work ethic with the ability to learn new concepts quickly.
- Good planning and organizational skills with the ability to multi-task to balance and prioritize work amongst multiple teams and stakeholders.
- Working knowledge in the application of information security concepts, principles, and practices.
- Understanding of technical security solutions (firewall, intrusion prevention, endpoint protection).
- Experience using vulnerability management tools such as ACAS, Nessus, Qualys, Rapid7 or similar.
- Experience producing a FedRAMP Authority to Operate (ATO) package is a plus.
- Experience using eMASS or other GRC tools is a plus.
- Candidates local to the Roanoke, VA area are preferred.
- Salary will be based on experience and potential to succeed.