Significance is a woman-owned consulting firm serving the federal government. We are known for building trusted relationships within our teams and with our clients and hiring the highest-level experts who implement innovative solutions. We also like to have fun! Our focus on culture has contributed to Significance being named a Washington Business Journal Best Place to Work each of the last five years.
Significance has an immediate need for an IT Audit SME (Subject Matter Expert) as we support the DoD in the development, revision, implementation, and documentation of IT Compliance strategies.
Location: Prefer Greater Washington DC area, but open to virtual.
Job Description:
Assesses system IT general controls in accordance with applicable laws, regulation, and policies (e.g., Financial Information System Control Audit Manual). Analyze system access controls and segregation of duties in order to align user roles to end-to-end business process risks that would enable development of FIAR SOD rulesets. These SOD rulesets would integrate with the DAF Identity Credential and Access Management (ICAM) solution. Provides recommendations on strengthening access controls and segregation of duty controls, mitigating risk, and implementing corrective actions. Documents and reports audit findings clients. Work cross-functionally to improve ICAM solutions and address compliance requirements. Attend client stakeholder meetings to confirm design, collaborate on integration. Possess excellent interpersonal, verbal, and written skills.
Required qualifications:
• 4 year degree
• Active/Interim Secret clearance
• 4+ years of experience performing IT audits (internally or externally) with a specific focus on access controls and segregation of duties.
• Strong experience working with key stakeholders and users to gather, define, and document processes.
• Strong experience developing business process maps and translating functional requirements.
• Strong experience preparing audit reports and interpreting the significance of audit findings drawing conclusions and analysis from findings.
• Strong experience writing audit reports, identifying risks and recommending appropriate steps to improve effectiveness and mitigate risks.
• Knowledge and awareness of changes in IT audit practices, regulatory requirements, and IT Risk/Control frameworks (i.e., NIST Cybersecurity).
• Knowledge of industry standards, concepts, best practices, and procedures relative to information security (NIST Special Publications, particularly NIST SP 800-53).
• Ability to proactively advise on key risk areas and ensure that processes and quality control techniques are implemented and adopted to support continuous oversight and remediation efforts.
Preferred qualifications (high desirable):
• Knowledge of Cloud services implementation within Azure or AWS of IdentityIQ/SecurityIQ, zero trust security models, and mobile computing
• CISA preferred
Significance, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, disability, protected veteran status, or any other factor prohibited by applicable law.
We are an E-Verify Employer
#LI-MH1