Kforce has a client in search of an IT Auditor in Fairfax, Virginia (VA).
* Perform FISCAM audit readiness through testing of ITGC (IT general controls) and application controls in a business process
* Apply FISCAM approaches and assess information system controls in areas of information assurance, access control, change control, disaster recovery, and segregation of duties
* Develop and create corrective action plans to provide practical recommendations to the client
* Conduct risk assessments of IT systems and internal controls including Complementary User Entity Controls (CUECs) to identify key controls
* Ensure Service Provider SSAE No. 18 Reports identify the CUECs in place, to be able to rely on the Service Provider controls
* Ensure that CUECs are included within the Risk and Control Matrix and testing is performed over these controls
Ensure the system of internal controls surrounding the compilation of financial statements includes, but is not limited to, the following:
* Implementing CUECs
* Monitoring the effectiveness of Service Provider controls
* Monitoring the effectiveness of Subservice Provider controls
* Monitoring the status of ongoing Corrective Action Plans
* Review Service Provider SOC 1 Reports to determine the effectiveness of the design and operation of controls at the Service and Subservice Providers
* Perform an analysis of CSOCs to determine whether the Service Provider is adequately monitoring CSOCs and whether those controls are operating effectively
* Responsible for understanding which controls address Service Provider CUECs and Subservice Provider CSOCs, and who maintains ownership of those controls
* Ensure that controls performed by Service Providers are included within the testing scope, unless covered under the Service Provider's SSAE No. 18 Examination
* Bachelor's degree is required; MBA or equivalent with a Certified Information Systems Auditor (CISA) is preferred.
* At least five years of service/agency specific experience (USA, USAF, USMC, USN, Defense Agencies) or public accounting firm performing IT audits and self-reviews of information systems
* Relevant experience with FISCAM audit readiness and remediation including Complementary User Entity Controls (CUECs)
* Extensive experience with, and practical understanding of, NIST, FIPS, FFMIA, and FMFIA, with the ability to apply them
* Extensive experience supporting a DoD service is required; ODO is preferred
* Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.