Overview
Skills
Job Details
The IS Audit Analyst will support one of our federal government programs, working on a variety of audits encompassing information technology, operational processes, and integrated activities.
This analyst will assist in planning audits and executing audit procedures designed to support client in achieving the security control objectives for each audit engagement. This position includes significant internal and external client interface, and as such requires strong professional presence, communication, and decision-making skills.
The analyst will be capable of identifying and addressing audit issues across a variety of business areas and risk exposures, including technology and operational matters. The ability to establish exceptional relationships and credibility within client and the customer, is essential to the individual s success.
Key Responsibilities:
Review and update information Security audit procedure documents.
Annual review of all baseline security controls and update accordingly.
Review, and create audit plans and tasks for all assessments.
Identify and engage with appropriate teams and resources for the audits.
Document all findings and remediation plans for submission and approval.
Collect data and prepare audit status reports.
Maintain FISMA required System Security Plan and associated compliance artifacts.
Conduct architecture reviews and security impact assessments for technology and software development initiatives.
Prepare and maintains plans on standard operating procedures.
Update and documents security controls.
Review, update, and manage annual information security training content.
Required Experience:
Three or more years of experience, either in a Fortune 500 internal audit function or professional services firm. Although financial services experience is highly desired, other industry experience will be considered as appropriate.
A bachelor s degree from an accredited university
Professional certification (e.g., CPA, CISA, CIA, CISSP, CISM, CFE, PMP, etc.)
Experience with FIMSA, NIST, ISO, FedRAMP and other control frameworks
Knowledge of Hardware / OS such as Windows, UNIX, Linux
Knowledge of Database technologies such as Oracle, MS SQL, DB2
Technical proficiency in one or more of the following areas:
Application Security (including OWASP concepts and application architecture and controls)
Business Continuity & Disaster Recovery Planning Client Services & Implementations
Computer Operations (including capacity, performance, and problem management)
Enterprise Resource Planning and Business Management Solutions (including SAP)
Database Administration & Security (including Oracle, Microsoft SQL)
Information Security & Data Privacy
Mainframe (Unisys, IBM), Midrange (iSeries) and Distributed (Windows, UNIX) Systems
Network & Infrastructure Architecture and Security (including network segmentation concepts, firewalls, routers, VPN solutions etc.)
Physical Security & Data Center Environmental Controls
Systems Development (including SDLC, project management and change control methodologies)
Other Required Experience:
Advanced communication skills: Must be able to write, present and listen to diverse groups and individuals; including senior leadership and clients.
Must have advanced MS Excel Skills, including pivot table, charting and formula/function skills.
Information Technology: With preference to security and or defensive application/system technologies
Proficient in MS Word, SharePoint, PowerPoint, Visio and Project
Must be able to travel as needed: Up to 20%
NO THIRD PARTIES!!! NO SUB-CONTRACTORS!!! NO 1099 s!!! NO CORP to CORP!!!
Data Resource Technologies Inc. is an Information Technology Staffing Firm serving the markets of the United States of America; the greatest country in the world. We work with Direct Clients Only and do not participate in multi-layer contracts. Earn The Most Possible and put over 60 years of Information Technology Industry experience to work for you today, Call or Apply NOW!!!