IT Security Auditor

Job Title: IT Security Auditor Location: Hybrid (2-3 days onsite) Pay Rate: $40-$60/hr Security Clearance: Secret Clearance Required Position Overview: We are seeking a highly skilled IT Security Auditor to join our team. This role requires a strong understanding of IT security standards, risk assessment, and control implementation. The ideal candidate will have experience working with federal financial management and accounting regulations, and possess a deep knowledge of FISCAM, NIST RMF, and other relevant frameworks. Responsibilities: • Risk Assessment and Control Evaluation: Identify, assess, and evaluate IT inherent and detective risks related to internal controls. Develop and maintain Risk and Control Matrices (RACMs) to support financial statement audits. • Standards and Framework Adherence: Ensure compliance with information assurance standards such as NIST RMF, 800-53, FISCAM, DODI 8500, DODI 8510, SSAE-18, and AT-C320. • Corrective Action Implementation: Design, implement, and test corrective actions to address ITAC/ITGC relevant audit risks. • Process Mapping and Analysis: Conduct end-to-end process mapping of IT systems and processes to identify potential vulnerabilities and control gaps. • Audit Report Review: Review and evaluate issued audit findings, including NFRs, to ensure accuracy and completeness. • Security Clearance: Maintain an active security clearance. Qualifications: Must-Haves: • Master's Degree in Accounting, Finance, Information Technology, or Business Management or CPA or CISA or PMP or CGFM or CDFM • 4 years of experience with federal financial management • 2 years of federal accounting experience • Ability to identify controls that mitigate ITAC/ITGC relevant risks • Demonstrated experience with leveraging FISCAM/NIST RMF as part of testing, reviewing, and guiding • Experience designing and implementing (or independently testing TOD/TOE) corrective actions to address ITAC/ITGC relevant audit risks Preferred Skills: • Experience with Federal/DoD clients • Experience with business process end-to-end process mapping • Performing federal audits that provided an audit opinion • Performing federal audits that issued a disclaimer of opinion • Experience with evaluating SOC reports in support of a financial statement audit • Experience with supporting DoD SSAE-18 AT-C examinations as a service auditor