Job Title: External Auditor Consultant
Location(s): Washington, DC (Hybrid)
Description: - Experience with financial applications
- Experience with evaluating cloud internal controls reports, SOC-1 and SOC-2
- Simultaneously works on several complex assignments requiring analysis of control applicability and evaluation of control gaps for financial systems.
- Experience with supporting financial IT audits and successfully developing audit and security related system documentation to reduce risk and meet control requirements desired.
- Experience with performing system audit log reviews via Splunk tool
- Experience assessing and evaluating NIST 800-53 controls
- Experience in developing a Risk Control Matrix, Test of Design and Test of Effectiveness (TOD/TOE)
- Must have at least five years of progressively responsible experience in the information technology arena as an IT auditor, IT security analyst, IT manager, business analyst, system administrator or a combination of these.
- Possess clear, concise, and effective verbal and written communication and project management skills needed for functioning in an unstructured matrix management environment.
- Work independently and meet deadlines for assigned tasks
- Experience with assessing IT systems leveraging SOX, FISCAM, COBIT, or FISMA Compliance strongly desired.
- CISSP or CISA certification strongly desired.
- Experience with Workday or Coup plus, but not required.
KEY RESPONSIBILITIES - Participates in the process to evaluate, develop, maintain, and update the technology compliance program. Advises the technology support officer and technology managers on compliance, information security, and internal controls.
- Prepares the technology departments for the yearly financial statement audit and SOX internal control reviews.
- Assist in developing required documents in support of internal SOX or FISMA reviews.
- Develop solutions with team members to minimize vulnerabilities.
- Advises the technology officer of SOX and compliance issues and recommends solutions
- Provides a weekly status report to the COR documenting concerns, issues, risks, and progress.
- Recommends and helps implement GRC Tools to increase automation in the areas of compliance, auditing, and vulnerability detection for the branch.
- Perform weekly Splunk/audit log reviews and report any anomalies
- Evaluate system documentation to meet compliance requirements
- Assists with building governance and risk management tasks and activities for the team and management review
- Designs, tests and reviews controls for compliance and ensures proper documentation is recorded.
- Creates audit and monitoring reports used by the team, as directed.
The External Auditor Consultant shall deliver, but not limited to, the following: - Thoroughly assess and validate the SOX Risk Control Matrices (RCM's) for identified systems of record against Board policies. Document findings and recommendations.
- Crosswalk the SOX RCMs against the TS/ Board Information Security Program (BISP) standards and procedures and document the results.
- Provide recommendations, develop action plans, and help implement capabilities to improve compliance and security practices.
- Document updates to compliance related policies, processes, procedures, and/or standards as directed by the compliance team.