2-3 years practical experience with controls validation and compliance testing of CMMC audits, SSAE 16, AT-101 (SOC 1 / SOC 2), PCI, ISO, HIPAA, Privacy, NACHA, or SOX IT General Computer Controls auditing or similar audit experience. Consult with control owners such as system administrators, database administrators, application owners and others on developing complete and repeatable control processes including control documentation such as procedures, control evidence, narratives, control matrices, metrics reports, etc.).