Senior IT Audit & Compliance Manager

ASSYST, Inc.

Alexandria, VA

JOB DETAILS
Location: Alexandria, VA
Posted: 30+ days ago

ASSYST is seeking a Senior IT Audit & Compliance Manager to support our upcoming project in Alexandria, VA.

The Contractor shall provide subject matter expertise and support to maintain and enhance an Audit Management program. OCIO facilitates audits for various reasons to include requests from the Government Accountability Office, Office of Inspector General, FISMA Compliance, High Value Asset, Chief Financial Officer, Internal Control audits, etc.

Responsibilities:

  • Maintain, update, and prepare Audit Management Standard Operating Procedures.
  • Maintain an audit request and response database that is accessible by multiple stakeholders.
  • Independently research, gather information, and submit audit artifacts, as needed.
  • Coordinate with stakeholders to acquire audit artifacts and responses, as needed.
  • Support the Audit Liaison in research and drafting of audit responses.
  • Conduct recurring audit meetings with client management and audit stakeholders.
  • Maintain a list of findings and follow the findings through remediation and closure.
  • Manage each audit engagement in collaboration with all stakeholders.
  • Assist with managing and maintaining visibility of POA&Ms to achieve acceptable levels of risk.
  • Establish and maintain metrics to show progress and performance of audit.
  • Report on audit and risk as required.
  • Meet due dates and deadlines for audit work and responsibilities.

Required Experience:

  • Minimum 7 years of experience in IT and security.
  • Minimum of 3 years' experience supporting an Information Security program at a Federal Agency.
  • Experience with the Federal Information Security Modernization Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Federal Information Processing Standards (FIPS), and National Institute of Standards and Technology (NIST) Special Publications.
  • Experience utilizing the Risk Management Framework, the Cyber Security Framework, executing Security Assessment and Authorization activities, and the ability to translate requirements from system engineers and developers into data-driven and risk-based recommendations.
  • Experience working with and managing relationships with System Owners, Information System Security Officers, Authorizing Officials, and Chief Information System Security Officers.
  • Experience managing IT Governance, Risk, and Compliance Programs and using the RSA Archer eGRC tool.

Required Certification:

  • Certified Information System Security Professional (CISSP) and Certified Information Systems Auditor (CISA)

Preferred Certification:

  • Project Management Professional (PMP)

Education:

Master of Science in Information Management Systems or related field.

 

ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

About the Company

ASSYST, Inc.

ASSYST is an agile, CMMI Level 3 certified firm that excels at simplifying IT and business processes, removing unnecessary redundancy, and delivering targeted information for faster, smarter decisions to improve operations and productivity. We work closely with stakeholders, cross-functional teams, and other technology and services vendors to develop solutions utilizing rigorous adherence to the CMMI-based processes, Agile Framework (Scrum and SAFe), ITSM/ITIL services model, and ISO standards to achieve consistent process improvement. ASSYST represents a balanced approach to providing continuity of service while evoking innovation, fresh ideas, and practices to actualize modernization initiatives. We work collaboratively with customers and partners on human-centered design, leverage emerging technologies, and apply innovation to deliver solution outcomes that improve productivity, user experience, and customer delight.

Our specialties include: Big Data and Analytics, Enterprise Content Management, Information Assurance, Cloud Computing, Knowledge Management, Automation, DoD IT Services, Cybersecurity, Test Engineering, FHIR, HealthIT, Data Science, Azure, Agile, Digital Services, AWS GovCloud, ERP, and SAFe.

Company size: 100 to 499 employees
Industry: Computer/IT Services
Founded: 1993
Website: https://www.assyst.net/