IT Audit Lead/Internal Controls Tester
Reston, VA
Security Clearance Requirement: Current TS/SCI
Location Note: On-Site Support Required
Position Description:
An IT Audit Lead/Internal Controls Tester is responsible for overseeing the planning, coordination, and execution of audit projects to ensure compliance with IT standards, policies, and regulations. They provide guidance to the audit team and manage project timelines. Responsibilities also include: (1) evaluating financial and enterprise IT systems and processes in place that secure data; (2) determining risks to the information assets and helping identify methods to minimize those risks; (3) ensuring information management processes follow National Institute of Standards and Technology (NIST) and IC policies and Government Accountability Office (GAO) audit standards; (4) determining inefficiencies in IT systems and associated management. Requires a solid understanding of the Risk Management Framework, Federal Information System Management Act of 2002 (FISMA), and Federal Information System Controls Audit Manual (FISCAM) to assess IT operational systems.
Duties & Responsibilities:
The IT Audit Lead/Internal Controls Tester will work directly with clients and other organizational stakeholders to support IT internal control efforts, including audits/assessments, remediation, and other ad-hoc efforts. Specific duties and responsibilities:
- Coordinate with CIO stakeholders to develop a strategy to identify and catalog CIO business/operational processes.
- Collaborate with enterprise stakeholders to provide recommended responses to OIG reports
- Advise on the preparation of the Annual Statement of Assurance (SOA) in accordance with the Office of Under Secretary of Defense for Intelligence (OUSDI) guidance.
- Provide Audit Liaison advisory support to External Audits/Inspections performed by the DIA Office of Inspector General (OIG).
- Provide Advisory support to the CIO Risk Champion, CIO Risk Owners/Leads, and the Strategic Policy and Planning Office on Information Security and business areas to improve effectiveness and efficiency of risk management activities.
- Provide Advisory support to the CIO on preparation for any Enterprise Risk Management related examinations conducted by external parties such as regulatory agencies, any potential internal audit.
- Provide strategic direction for IT audit activities ensuring alignment with enterprise risk management.
- Develop and maintain audit policies, procedures, and standard operating guidelines.
- Mentor, coach, and lead internal audit staff or contractors as applicable.
- Performing rigorous audits/assessments of IT controls using industry-standard guidance and leading practices
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders including system personnel such as system and database administrators
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing, such as security plans, SOPs, system screenshots, and system configuration settings
- Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
- Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
- Summarizing and communicating IT controls assessment results to a variety of client stakeholders including senior leadership personnel
- Planning and executing day-to-day activities of IT controls assessments individually and for the team
- Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
Job Requirements:
- Experience in Audit and Internal Controls with the Intelligence Community (preferred) or DoD government agencies.
- Understanding of commonly used internal control and information technology frameworks, including Control Objectives for Information and Related Technologies (COBIT), International Organization for Standardization (ISO) 27001, NIST Cybersecurity Framework, and Information Technology Infrastructure Library (ITIL).
- Extensive knowledge in a relevant information technology field such as Information Security, Cybersecurity, Windows, O365, databases (Oracle, Structured Query Language (SQL)), Cloud Services, 3rd Party hosted services, Patch Management, Application Development, Software Development Lifecycle (SDLC), Project Management, Firewalls, Business Continuity, and IT Operations.
- Experience working with Enterprise Resource Planning (ERP) systems is a plus (e.g. SAP).
- Extensive knowledge of the IC and IT policy and procedures relating to the Risk Management Framework and IT Audits.
- Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of IT audit, the FISCAM, and other relevant federal information assurance laws, regulations, and guidance.
- Experience performing IT audits, OMB Circular A-123 or similar internal control assessments, and/or remediating and implementing IT controls is preferable. Experience testing or remediating some or all of the following IT controls topic areas is preferable:
- Access and account management, including authorization, provisioning, recertification, and separation
- Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege
- Technical account management controls such as password length, complexity, and expiration
- Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review
- Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks
- Change management, including authorization, development, testing, and deployment of changes
- Contingency planning, including backups, testing of backups, and alternate sites
Recommended:
- Experience performing: Federal Information System Controls Audit Manual (FISCAM), Financial Improvement Audit Remediation (FIAR), and Federal Information Security Management Act (FISMA) security reviews
- CISA or CIA certification
- 1-2 years of Federal or DOD IT audit experience
Education
- High School Diploma/GED and 12 years of experience
- Bachelor's degree and 5 years of experience
E-volve Technology Systems salaries are determined by various factors, including but not limited to location, the candidate's education, skills, experience, and competencies, as well as contract-specific funding and organizational requirements. The projected compensation range for this position is $172,000 to $192,000 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of E-volve's total compensation package for employees.
E-volve Technology Systems Inc. provides Mission Operations, Information Technology Management, and Intelligence Analysis support services to advance National Security and other Federal Government programs within the Department of Defense (DoD), Intelligence, and Civilian government agencies. For more information please visit us at .
E-volve Technology Systems Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. We comply with Form I-9 identity and legal work authorization requirements for Employment Eligibility Verification in accordance with the Immigration Reform and Control Act of 1986 (IRCA).
E-volve Technology Systems Inc. offers fair and competitive compensation and benefits to all eligible employees. Salaries are dependent upon a wide range of factors, including position requirements, customer/program needs, individual qualifications, education, experience, certification and/or training, location, and other job-related factors.
Please email any questions to:
Required Experience:
Manager