IT Risk & Internal Audit Consultant
Company: Guidehouse
Location: Reston
Posted on: March 10, 2023
Job Description:
Job Family: IT Risk & Controls Consulting
Travel Required: Up to 10%
Clearance Required: Ability to Obtain Public Trust
What You Will Do:
The IT Risk and Internal Audit Consultant will support
stakeholder engagement and technical delivery for efforts
supporting a Department of Homeland Security (DHS) client with IT
controls audit/assessments, remediation, and other related support.
The client is responsible for coordinating and monitoring internal
controls for the organization, including performing assessments in
accordance with OMB Circular A-123, the FISCAM, and assisting other
program offices with remediation and other related internal
controls tasks. This is an ideal role for someone with an IT audit
background who is looking to utilize their skills to support
clients internally as a consultant rather than as an external
auditor.
The IT Risk and Internal Audit Consultant will have a role
in working directly with clients and other organizational
stakeholders to support IT internal control efforts, including
audits/assessments, remediation, and other ad-hoc efforts.
Day-to-day tasks include some or all of the following:
- Performing rigorous audits/assessments of IT controls using
industry-standard guidance and leading practices
- Performing walkthrough interviews and maintaining communication
with a variety of client stakeholders, including system personnel
such as system and database administrators
- Requesting, obtaining, reviewing, and analyzing a variety of
artifacts to assist in executing IT controls testing such as
security plans, SOPs, system screenshots, and system configuration
settings
- Evaluating the design and operating effectiveness of IT
controls using provided artifacts, industry-standard guidance,
leading practices, and professional judgment
- Professionally documenting the results of IT controls test work
in a consistent and high-quality manner that would allow a reviewer
to repeat the test and reach the same conclusion
- Summarizing and communicating IT controls assessment results to
a variety of client stakeholders, including senior leadership
personnel
- Planning and executing day-to-day activities of IT controls
assessments individually and for the team
- Working with client personnel to understand and analyze known
IT control weaknesses, identify root causes, and develop detailed,
robust remediation plans
- Providing subject matter expertise to client personnel on all
matters relating to IT controls and responding to ad-hoc IT
controls requests from client personnel
What You Will Need:
- The ability to obtain and maintain a federal Public Trust
- Bachelor's Degree
- ONE (1) or more years' experience in IT controls, audit,
assessment, or remediation.
What Would Be Nice To Have:
- Master's Degree
- Certified Information Systems Auditor (CISA) certification
- Demonstrates knowledge and experience in IT risk and controls
through IT audits, IT control assessments, and IT security reviews.
Demonstrates a working knowledge of IT audit, the FISCAM, and other
relevant federal information assurance laws, regulations, and
guidance.
- Experience performing IT audits, OMB Circular A-123 or similar
internal control assessments, and/or remediating and implementing
IT controls is preferable. Experience testing or remediating some
or all of the following IT controls topic areas is preferable:
  - Access and account management, including authorization,
  provisioning, recertification, and separation
  - Segregation of duties, including identifying and defining
  segregation of duties risks and conflicts, preventive and detective
  segregation of duties controls, and understanding the difference
  between segregation of duties and least privilege
  - Technical account management controls, such as password length,
  complexity, and expiration
  - Audit logging and monitoring, including generation of audit
  logs, use of audit log aggregation and analysis tools, and audit
  log monitoring and review
  - Configuration management, including configuration baseline
  concepts, baseline deviations, baseline maintenance, monitoring for
  ongoing compliance with a baseline, and industry-accepted baselines
  such as DISA STIGs and CIS benchmarks
  - Change management, including authorization, development,
  testing, and deployment of changes
  - Contingency planning, including backups, testing of backups,
  and alternate sites
What We Offer:
Guidehouse offers a comprehensive,
total rewards package that includes competitive compensation and a
flexible benefits package that reflects our commitment to creating
a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive
bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible
Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning
Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend
About Guidehouse
Guidehouse is an Equal
Employment Opportunity / Affirmative Action employer. All qualified
applicants will receive consideration for employment without regard
to race, color, national origin, ancestry, citizenship status,
military status, protected veteran status, religion, creed,
physical or mental disability, medical condition, marital status,
sex, sexual orientation, gender, gender identity or expression,
age, genetic information, or any other basis protected by law,
ordinance, or regulation.
Guidehouse will consider for employment
qualified applicants with criminal histories in a manner consistent
with the requirements of applicable law or ordinance including the
Fair Chance Ordinance of Los Angeles and San Francisco.
If you have
visited our website for information about employment opportunities,
or to apply for a position, and you require an accommodation,
please contact Guidehouse Recruiting at 1- or via email at . All
information you provide will be kept confidential and will be used
only to the extent required to provide needed reasonable
accommodation. Guidehouse does not accept unsolicited resumes
through or from search firms or staffing agencies. All unsolicited
resumes will be considered the property of Guidehouse and
Guidehouse will not be obligated to pay a placement fee.
Keywords: Guidehouse, Reston, IT Risk & Internal Audit Consultant, Professions, Reston, Virginia