IT Auditor /Government & risk compliance consultant - Expert In Recruitment Solutions
Jacksonville, FL 32034
About the Job
ONLY LOCALS PLEASE
IT Auditor /Government & risk compliance consultant
Job location-Richmond /Mclean VA(Hybrid)
Project :
Role is surrounding a continuous controls monitoring program that they're trying to stand up within cybersecurity. They're looking to build out what will be many audits of controls (understanding how the controls operate, reviewing controls, setting requirements, etc.) and establishing where the data resides and how to build out requirements for the data analyst.
Issues with candidates so far - lots of folks with tech compliance where it seems like they understand how to gather evidence for controls but don't understand how to set the requirements for evidence gathering for controls. They have step 2 (gathering evidence) but not step 1 (setting requirements on how to gather evidence, etc.)
Must have
Skills Required
Bachelors Degree
5+ years of experience in technology audit, compliance, or governance & risk management
2+ years of experience with cloud environments
2+ years of experience in an agile or scrum environment
CISA, CISM, Security+, CISSP, CEH, CCSP, or AWS Certification
Experience with regulatory requirements and control frameworks (e.g., SOX, COSO, COBIT)
Experience developing and implementing a continuous controls monitoring program.
Problem-solving and decision-making skills, with the ability to analyze complex issues and develop practical solutions.
Demonstrated ability to manage multiple projects simultaneously, prioritize tasks, and meet deadlines in a fast-paced environment.
Some expertise within controls testing and controls documentation.
Knowledge of building out reporting.
Audit experience would be beneficial.
Evidence gathering + understanding what evidence to gather and setting requirements.
Executing audits, controls testing, and controls documentation.
Nice to have
Audit certs
Cybersecurity certs (not required and not as important as the auditing experience)
RESPONSIBILITIES
Assist in the development of a controls monitoring strategy to set standards and best practices for control execution, monitoring, alerting, and reporting.
Deliverable: Build requirements and draft an approved standard for controls monitoring
Develop and implement monitoring procedures and reporting to track control performance, identify gaps/deficiencies, remediate deficiencies within an SLA, and recommend areas for enhancement.
Deliverable: Develop monitoring procedures and artifacts for in scope controls
Collaborate with cross-functional teams to ensure alignment of control design and execution with controls monitoring requirements.
Deliverable: Align control designs and execution to the monitoring procedure
Based on monitoring procedures, conduct thorough assessments to evaluate the effectiveness of controls on a periodic basis to ensure execution, accuracy, and quality
Deliverable: Execute the created controls monitoring procedures
Enable reporting to provide timely updates to management on control status, issues, and remediation efforts
Deliverable: Productionalize reporting of control execution monitoring
Actively seek and report on opportunities to strengthen monitoring and reporting processes via automation
Deliverable: Define opportunities for automated monitoring and reporting
Basic Qualifications for Support Personnel
IT Auditor /Government & risk compliance consultant
Job location-Richmond /Mclean VA(Hybrid)
Project :
Role is surrounding a continuous controls monitoring program that they're trying to stand up within cybersecurity. They're looking to build out what will be many audits of controls (understanding how the controls operate, reviewing controls, setting requirements, etc.) and establishing where the data resides and how to build out requirements for the data analyst.
Issues with candidates so far - lots of folks with tech compliance where it seems like they understand how to gather evidence for controls but don't understand how to set the requirements for evidence gathering for controls. They have step 2 (gathering evidence) but not step 1 (setting requirements on how to gather evidence, etc.)
Must have
Skills Required
Bachelors Degree
5+ years of experience in technology audit, compliance, or governance & risk management
2+ years of experience with cloud environments
2+ years of experience in an agile or scrum environment
CISA, CISM, Security+, CISSP, CEH, CCSP, or AWS Certification
Experience with regulatory requirements and control frameworks (e.g., SOX, COSO, COBIT)
Experience developing and implementing a continuous controls monitoring program.
Problem-solving and decision-making skills, with the ability to analyze complex issues and develop practical solutions.
Demonstrated ability to manage multiple projects simultaneously, prioritize tasks, and meet deadlines in a fast-paced environment.
Some expertise within controls testing and controls documentation.
Knowledge of building out reporting.
Audit experience would be beneficial.
Evidence gathering + understanding what evidence to gather and setting requirements.
Executing audits, controls testing, and controls documentation.
Nice to have
Audit certs
Cybersecurity certs (not required and not as important as the auditing experience)
RESPONSIBILITIES
Assist in the development of a controls monitoring strategy to set standards and best practices for control execution, monitoring, alerting, and reporting.
Deliverable: Build requirements and draft an approved standard for controls monitoring
Develop and implement monitoring procedures and reporting to track control performance, identify gaps/deficiencies, remediate deficiencies within an SLA, and recommend areas for enhancement.
Deliverable: Develop monitoring procedures and artifacts for in scope controls
Collaborate with cross-functional teams to ensure alignment of control design and execution with controls monitoring requirements.
Deliverable: Align control designs and execution to the monitoring procedure
Based on monitoring procedures, conduct thorough assessments to evaluate the effectiveness of controls on a periodic basis to ensure execution, accuracy, and quality
Deliverable: Execute the created controls monitoring procedures
Enable reporting to provide timely updates to management on control status, issues, and remediation efforts
Deliverable: Productionalize reporting of control execution monitoring
Actively seek and report on opportunities to strengthen monitoring and reporting processes via automation
Deliverable: Define opportunities for automated monitoring and reporting
Basic Qualifications for Support Personnel
Source : Expert In Recruitment Solutions
